Now that you’ve created a v2 login policy, you can use it to upgrade your OIDC client(s) to Hosted Login v2.
We’ll continue to use the same access token you provisioned earlier. This token lasts one hour - if it expires, you can go back and provision a new one.
Call the /config/clients/<janrainOidcClientId> endpoint with the GET method to get your OIDC client configuration again. As you observed previously, this configuration includes your loginPolicy identifier.
curl -X GET \
https://v1.api.REGION.janrain.com/CUSTOMER_ID/config/clients/OIDC_CLIENT_ID \
-H 'Authorization: Bearer ACCESS_TOKEN'
Copy the full JSON object from the response and paste it into the text area below.
Then make the following change:
Update the loginPolicy value to point to your new v2 login policy. If you don’t see a login policy ID here, go back and complete the previous steps.
{
"id": "1ab23456-7c8d-90ef-g123-45hij6789012",
"name": "My Public Login Client",
"redirectURIs": [
"http://localhost",
"http://localhost:3000/redirect_uri",
"https://oidc-playground.akamai.com/redirect_uri",
"https://mydomain.com/redirect-url"
],
"loginPolicy": "2bc34d56-7890-1234-e5fg-6h789i01jkl2",
"tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
"type": "public"
}
Tip! The _links property is not configurable and can be safely removed from the JSON for simplicity, as in the example above.
To publish your client configuration with the v2 loginPolicy, call the same endpoint with the PUT method, passing the full, updated JSON object in the body of the call.
curl -X PUT \
https://v1.api.REGION.janrain.com/CUSTOMER_ID/config/clients/OIDC_CLIENT_ID \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-H 'Content-Type: application/json' \
-d 'MY UPDATED CLIENT CONFIGURATION'
Check the "name" value in your client configuration for apostrophes (example: "name": "Wayne's World Public Login Client"). If there is an apostrophe in the "name" value, remove it before importing the call. Then you can add it back in the Body tab of the call after you’ve imported it.
If you receive 403 Forbidden, this is probably due to an expired access token. You can provision a new one and try again.
If you receive Invalid request: redirectURIs are invalid when you make this call, this may mean you’ve attempted to add a redirect URI that is served over HTTP instead of HTTPS. Please note that all non-localhost redirect URIs must be served over HTTPS.
Upon success, your client is now upgraded to Hosted Login v2! You can test the digital property associated with this OIDC client to see the new v2 features.
NOTE: In order to use Hosted Login v2, you only need to update the loginPolicy. It is NOT necessary to update your Hosted Login calls (such as the /auth-ui/profile endpoint) to also refer to v2. When your loginPolicy is upgraded to v2, that becomes the default version for all Hosted Login calls you make with the associated OIDC client.
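The edit-and-publish step above can be prepared and checked locally before the PUT call. The following is an added example, not code from this guide: the function names, the placeholder IDs, the shape of the _links value and the client.json filename are assumptions, and it treats only the literal hostname localhost as exempt from the HTTPS rule.

```python
import json
from urllib.parse import urlsplit


def insecure_redirect_uris(uris):
    """Return the redirect URIs that break the rule stated above:
    every non-localhost redirect URI must be served over HTTPS."""
    bad = []
    for uri in uris:
        parts = urlsplit(uri)
        # Assumption: only the literal hostname "localhost" is exempt.
        if parts.scheme != "https" and parts.hostname != "localhost":
            bad.append(uri)
    return bad


def build_put_body(get_response_text, v2_login_policy_id):
    """Turn the GET response into the JSON body for the PUT call."""
    config = json.loads(get_response_text)
    config.pop("_links", None)  # not configurable, safe to drop
    bad = insecure_redirect_uris(config.get("redirectURIs", []))
    if bad:
        raise ValueError(f"non-HTTPS redirect URIs: {bad}")
    config["loginPolicy"] = v2_login_policy_id
    return json.dumps(config, indent=2)


# Constructed sample GET response (placeholder IDs, not real values).
SAMPLE_GET_RESPONSE = json.dumps({
    "id": "CLIENT_ID_PLACEHOLDER",
    "name": "Wayne's World Public Login Client",
    "redirectURIs": ["http://localhost:3000/redirect_uri",
                     "https://mydomain.com/redirect-url"],
    "loginPolicy": "V1_POLICY_ID_PLACEHOLDER",
    "tokenPolicy": "TOKEN_POLICY_ID_PLACEHOLDER",
    "type": "public",
    "_links": {"self": {"href": "PLACEHOLDER"}},
})

if __name__ == "__main__":
    body = build_put_body(SAMPLE_GET_RESPONSE, "V2_POLICY_ID_PLACEHOLDER")
    # Writing the body to a file keeps an apostrophe in "name" away
    # from shell quoting; curl can read the file with -d @client.json.
    with open("client.json", "w", encoding="utf-8") as fh:
        fh.write(body)
    print(body)
```

Passing the saved file to curl with -d @client.json instead of an inline single-quoted string means an apostrophe in the "name" value does not have to be removed first.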