Identity Provider specifies the user pool to be given to clients. These predefined Identity Providers are used when creating Authentication Policy.
| Field | Description |
|---|---|
| Name | Name information of the API Identity Provider for the created Identity Provider. |
| Description | A description can be written to facilitate management related to the created API Identity Provider. |
| HTTP Method (Method) | The HTTP Method of the API address that will perform Authentication is selected. Default Value: GET. |
| URL (URL) | The address of the API that will perform Authentication is entered. |
| Timeout (Timeout) | If connection to the server is not made within the time given in seconds, it gives an error and the connection is terminated. Default Value: 10 seconds. |
| Use Message Template (Use Message Template) | Activated if a message template will be used for the API. |
| Template Content Type (Template Content Type) | The type of message template content is selected. Default Value: JSON. • XML • JSON |
| Message Template (Message Template) | Message template is entered depending on the selected message template type. |
| Take Username (Take Username) | Activated if username will be taken. |
| Take Username From (Take Username From) | The place where the username will be taken from is selected. Default Value: Incoming Request Message. • Incoming Request Message (Incoming Request Message) • Response of API Authentication (Response of API Authentication) |
| Username Variable (Username Variable) | A variable must be selected to access the username value. |
| Request Data Manipulation (Request Data Manipulation) | You can move parts of the incoming request that you want into the request message sent to the API that will perform authentication. Source Variable specifies which part of the incoming message will be taken, and Target Variable specifies where this information will be placed in the message to be sent to the API. |
An image containing the Assertion tab from the settings required for user verification via API is shown below:
| Field | Description |
|---|---|
| Assertion | |
| Assert Result Status Code (Assert Result Status Code) | Selected to use a specific result status code for assertion. |
| Expected Status Code (Expected Status Code) | The status code expected to be returned by the API is entered. |
| Assert Result Body (Assert Result Body) | Selected when a specific body is expected to be returned for assertion. |
| Expected Result Body (Expected Result Body) | The text that the response messages returned by the API are expected to contain is entered. |
| Assert Result XPath (Assert Result XPath) | Selected when a specific field of the incoming Xml message is expected to return a specific value for assertion. |
| XPath Expression (XPath Expression) | Xpath pointing to the part where the expected value is located is entered. |
| Expected Result Body (Expected Result Body) | The expected value is entered. |
| Assert Result JsonPath (Assert Result JsonPath) | Selected when a specific field of the incoming Json message is expected to return a specific value for assertion. |
| JsonPath Expression (JsonPath Expression) | Jsonpath pointing to the part where the expected value is located is entered. |
| Expected Xml Result (Expected Xml Result) | The expected value is entered. |
An image containing the Common Response tab from the settings required for user verification via API is shown below:
| Field | Description |
|---|---|
| Response Common (Response Common) | |
| Use Response Status Code of API in case of Failed Result (Use Response Status Code of API in case of Failed Result) | When a message that the assertion part will consider unsuccessful arrives, it returns the incoming Http status code as a response. |
| Use Response Message of API in case of Failed Result (Use Response Message of API in case of Failed Result) | When a message that the assertion part will consider unsuccessful arrives, it returns the error message as a Token response. |
An image containing the Response for Proxy tab from the settings required for user verification via API is shown below:
| Field | Description |
|---|---|
| Response for Proxy (Response for Proxy) | |
| Response Data Manipulation On Success - Source Value/Variable (Response Data Manipulation On Success - Source Value/Variable) | Variable used to express where any value in the message content should be taken from. (You can visit the Variables page for variable usage.) |
| Response Data Manipulation On Success - Target Value/Variable (Response Data Manipulation On Success - Target Value/Variable) | Variable used to express where any value taken from the message content to be returned in the response message should be placed. (You can visit the Variables page for variable usage.) |
| Response Data Manipulation On Failure - Source Value/Variable (Response Data Manipulation On Failure - Source Value/Variable) | Variable used to express where any value in the message content should be taken from. (You can visit the Variables page for variable usage.) |
| Response Data Manipulation On Failure - Target Value/Variable (Response Data Manipulation On Failure - Target Value/Variable) | Variable used to express where any value taken from the message content to be returned in the response message should be placed. (You can visit the Variables page for variable usage.) |
An image containing the Response for Token tab from the settings required for user verification via API is shown below:
| Field | Description |
|---|---|
| Response for Token (Response for Token) | |
| Insert Response Of API To Token Response (Insert Response Of API To Token Response) | If selected, the response returned from the API is returned as a Token response. |
| JWT Token Manipulation - Source Value/Variable (JWT Token Manipulation - Source Value/Variable) | Variable used to express where any value from the message content to be returned in the response message will be taken from. (You can visit the Variables page for variable usage.) |
| JWT Token Manipulation - Claim Name (JWT Token Manipulation - Claim Name) | The part taken from the message content is added to the Jwt Token’s content with the name given here. |
An image containing the Response for Roles tab from the settings required for user verification via API is shown below:
| Field | Description |
|---|---|
| Response for Roles (Response for Roles) | |
| Response Contains Roles (Response Contains Roles) | Activated if it is desired to get the roles of the authenticated user from within the response returned by the API. |
| Response Contains Roles (Response Contains Roles) | Variable used to express which value in the message content contains the roles. (You can visit the Variables page for variable usage.) |