List Your Login Policies

Endpoint URL: {identityDomain}/{customerId}/config/loginPolicies



Description

Returns information about all the login policies associated with the specified customer.

Login policies help manage the user login experience by doing such things as specifying the exact path to the Capture domain and the user profile entity type and defining the login URL for the associated directory. All OpenID Connect clients (public clients and confidential clients) must be associated with a login policy.

Login policies can also be used to specify custom claims: custom claims provide a way to return user profile attributes that are not returned by any of the predefined scopes. For example, suppose you have a custom attribute – newsletterSubscriber– that isn’t returned by any of your Hosted Login scopes. You cannot add this attribute to an existing scope, nor can you create a new scope. However, in your login policy you can define a custom claim that will return the newsletterSubscriber attribute:

"customClaims": {
       "id_token": 
           {"subscriber": "newsletterSubscriber"}
     }

In the preceding example, a unique claim name (subscriber) is mapped to the newsletterSubscriber attribute. The value id_token indicates that the custom claim should be returned as part of the identity token. For example:

{
  "iss": "accounts.akamai-documentation.com",
  "sub": "8855454e-8146-11e8-adc0-fa7ae01bbebc",
  "aud": "c2a5b7bc-e329-b4e4-dd6b-eb1ae01c22aa",
  "iat": 1530897246,
  "exp": 1530900246,
  "jti": "ID.rWH0iZkhFNxAoDxR5LhLAOqNj2bQvmMaeQiqhH5BcAU",
  "subscriber": true
}

Alternatively, you can replace id_token with userinfo. When you do that, the custom claim is not returned as part of the identity token; instead, it’s returned when you make a call to the userinfo endpoint.

For more information, see the article OpenID Connect Scopes and Claims.

Respects the API Client Allow List: No


Authentication

This endpoint requires token-based authentication. To obtain an access token, you must use a configuration client (using the client ID as the username and the client secret as the password) to access the /{customerId}/login/token endpoint. The access token returned from the token endpoint is then used in the Authorization header of your API call. For example, if you get back the access token Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB then your Authorization header would look like this when using Curl:

-H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB'

In Postman, set the Authorization Type to Bearer and use the access token as the value of the Token field.


Path Parameters

The path parameters that must be included in the request are listed in the following table:

NameTypeRequiredDescription

{customerId}

string

Yes

Unique identifier of the customer associated with the login policy.


Sample Request (Curl)

The following command returns information about the login policies associated with the customer 01000000-0000-3000-9000-000000000000:

curl -X GET \
  https://v1.api.us.janrain.com/01000000-0000-3000-9000-000000000000/config/loginPolicies \
  -H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB'


Responses

200 OK

If your call to this endpoint succeeds, you'll get back information about each of the login policies associated with the specified customer:

{
    "total": 4,
    "_embedded": {
        "loginPolicies": [
            {
                "id": "1e1ab726-f4b5-4bad-ba45-877027af4097",
                "title": "Dev Login Policy",
                "_links": {
                    "self": {
                        "href": "/config/e0a70b4f-1eef-4856-bcdb-f050fee66aae/loginPolicies/1e1ab726-f4b5-4bad-ba45-877027af4097"
                    }
                }
            },
            {
                "id": "4534eb38-f0f8-40a9-a980-e01a59967f43",
                "title": "Token Test Login Policy",
                "_links": {
                    "self": {
                        "href": "/config/e0a70b4f-1eef-4856-bcdb-f050fee66aae/loginPolicies/4534eb38-f0f8-40a9-a980-e01a59967f43"
                    }
                }
            },
            {
                "id": "ad2cad34-e06f-463e-a43f-b5c8af0ee965",
                "title": "GREG_DEMO Login Policy",
                "_links": {
                    "self": {
                        "href": "/config/e0a70b4f-1eef-4856-bcdb-f050fee66aae/loginPolicies/ad2cad34-e06f-463e-a43f-b5c8af0ee965"
                    }
                }
            },
            {
                "id": "edbdb3e3-0b07-4122-8548-24165b3c9983",
                "title": "Default Login Policy",
                "_links": {
                    "self": {
                        "href": "/config/e0a70b4f-1eef-4856-bcdb-f050fee66aae/loginPolicies/edbdb3e3-0b07-4122-8548-24165b3c9983"
                    }
                }
            }
        ]
    }
}