Create v2 login policy

Now that you have an access token, you can use it to authenticate the following Hosted Login configuration calls for creating a v2 login policy.

Unlike the previous /login/token call, which required Basic Authorization with an ID and secret, these calls require Bearer Token Authorization with the access token you just provisioned. This token lasts one hour - when it expires, you can go back and provision a new one.

Step 1: GET OIDC client configuration

Call the /config/clients/<janrainOidcClientId> endpoint with GET method to obtain your existing Login Policy identifier.

curl -X GET \ \
	-H 'Authorization: Bearer ACCESS_TOKEN'

Enter the loginPolicy value from your call’s response below.

See example of a loginPolicy identifier

Step 2: GET login policy

Call the /config/loginPolicies/<loginPolicy> endpoint with GET method to get your existing Login Policy configuration. This configuration includes your loginURL.

curl -X GET \ \
	-H 'Authorization: Bearer ACCESS_TOKEN'

In the response to this call, does your loginURL already include the v2 indicator? Like this:

"loginURL": "",

If so, STOP HERE! You’re already using Hosted Login v2 for this login policy and all clients associated with it. You may want to:

  • Check a different login policy - To do this, you can start over.
  • Move forward with next steps related to the v2 upgrade - Skip to Add SMS Attributes.
  • Learn more about Hosted Login v2 - See Learn More.

Step 3: Configure new v2 login policy

Copy the full JSON object from the response and paste it into the text box below.

Then make the following 3 changes:

  1. Update the loginURL for Hosted Login v2: Change .../auth-ui/login to .../auth-ui/v2/login
  2. Remove the id parameter
  3. Update the title to differentiate your new login policy from the existing one. Example: “title”: “My Login Policy v2"
See example of a new login policy configuration for v2

Tip! The _links property is not configurable and can be safely removed from the JSON for simplicity, as in the example above.

Step 4: POST new v2 login policy

To create the new v2 login policy, call the /config/loginPolicies endpoint with the POST method, passing the full, updated JSON object in the body of the call.

curl -X POST \ \
	-H 'Authorization: Bearer ACCESS_TOKEN' \
	-H 'Content-Type: application/json' \
Troubleshooting Tips

Enter the value from your call’s response below (without the quotes). This is the identifier for your new login policy. We’ll use this in the next step.

See example of a new loginPolicy identifier