Update application
The endpoint provides functionality to update an application.
The following application types are supported:
Using OAuth 2.0 / OIDC protocol
- Single-page application (
spa
) - Regular web application (
webOauth
) - Native application (
nat
) - Server-to-server application (
s2s
)
- Single-page application (
Using SAML 2.0 protocol
- Regular web application (
webSaml
)
- Regular web application (
HTTP request
PATCH https://$instanceId.id.nevis.cloud/nevis/api/v1/applications/$applicationId
Parameters
Parameter | In | Type | Required / Optional | Description |
---|---|---|---|---|
instanceId | path | string | required | The ID of your Identity Cloud instance |
applicationId | path | string | required | The ID of the application |
Request body
Parameter | Type | Required / Optional | Description |
---|---|---|---|
spa | object | Required, if application type is spa | The parameters of the spa application |
webOauth | object | Required, if application type is web and protocol is oauthOidc | The parameters of the webOauth application |
nat | object | Required, if application type is nat | The parameters of the nat application |
s2s | object | Required, if application type is s2s | The parameters of the s2s application |
webSaml | object | Required, if application type is web and protocol is saml | The parameters of the webSaml application |
Application object
spa
Parameter | Type | Required / Optional | Description |
---|---|---|---|
allowedReturnUris | string[] | Optional | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. Constraint: The allowedReturnUris may include several URIs, up to a maximum of 20 . A Return URI must have a maximum length of 2048 characters. |
accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m , 1440m ]. |
idTokenLifetime | string | Optional | Specifies the lifetime of the issued ID tokens for the application. Constraint: The idTokenLifetime must be in the range [1m , 1440m ]. |
refreshTokenLifetime | string | Optional | Specifies the lifetime of the issued refresh tokens for the application. Constraint: The refreshTokenLifetime must be in the range [1d , 365d ]. |
webOauth
Parameter | Type | Required / Optional | Description |
---|---|---|---|
allowedReturnUris | string[] | Optional | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. Constraint: The allowedReturnUris may include several URIs, up to a maximum of 20 . A Return URI must have a maximum length of 2048 characters. |
accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m , 1440m ]. |
idTokenLifetime | string | Optional | Specifies the lifetime of the issued ID tokens for the application. Constraint: The idTokenLifetime must be in the range [1m , 1440m ]. |
refreshTokenLifetime | string | Optional | Specifies the lifetime of the issued refresh tokens for the application. Constraint: The refreshTokenLifetime must be in the range [1d , 365d ]. |
nat
Parameter | Type | Required / Optional | Description |
---|---|---|---|
allowedReturnUris | string[] | Optional | The user is redirected to the Return URI after successfully authorizing the application. This can be a classic URL, or a custom scheme URL that triggers a mobile application. Constraint: The allowedReturnUris may include several URIs, up to a maximum of 20 . A Return URI must have a maximum length of 2048 characters. |
accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m , 1440m ]. |
idTokenLifetime | string | Optional | Specifies the lifetime of the issued ID tokens for the application. Constraint: The idTokenLifetime must be in the range [1m , 1440m ]. |
refreshTokenLifetime | string | Optional | Specifies the lifetime of the issued refresh tokens for the application. Constraint: The refreshTokenLifetime must be in the range [1d , 365d ]. |
s2s
Parameter | Type | Required / Optional | Description |
---|---|---|---|
accessTokenLifetime | string | Optional | Specifies the lifetime of the issued access tokens for the application. Constraint: The accessTokenLifetime must be in the range [1m , 1440m ]. |
webSaml
Parameter | Type | Required / Optional | Description |
---|---|---|---|
issuer | string | Optional | Issuer is the unique identifier of the service provider (SP) application, typically in a URL format. The identifier is used by Identity Cloud (the IdP) to validate SAML messages (For example AuthnRequest) received from the SP. Constraint: The issuer must be unique, and have a maximum length of 1024 characters. Example: https://sp.your-company.com |
subject | string | Optional | The Subject contains an identifier of the user as known to Identity Cloud. This configuration determines whether the User ID or the Email address will be used as value of the NameID attribute in the SAML Assertion. Values: email , userId . |
outboundBinding | string | Optional | The Outbound binding specifies how SAML messages are returned to the initiating application. Identity Cloud either instructs the user agent to send the message to the service provider using POST or returns a redirect (302 leading to a GET). Values: httpPost , httpRedirect . |
assertionConsumerServiceUrl | string | Optional | Assertion Consumer Service URL indicates the URL, to which the SAML response is returned after successful authentication. Constraint: The assertionConsumerServiceUrl must have a maximum length of 1024 characters. Example: https://sp.your-company.com/login/saml2/sso/ |
audience | string | Optional | SP verifies if Audience matches the recipient of a SAML response. Audience has a URL format. Constraint: The audience must have a maximum length of 1024 characters. Example: https://sp.your-company.com |
x509SignerCertificate | string | Optional | X509 Signer Certificate is needed if your SP signs the AuthnRequest. Extract the public-key certificate from the configuration of the the SP, or the SAML metadata file of the SP. Constraint: The x509SignerCertificate has to be encoded in PEM format. Note: The x509SignerCertificate should includes \n for new lines, after -----BEGIN CERTIFICATE----- prefix and before -----END CERTIFICATE----- postfix. |
Example request
applicationId=your-application-id-123
curl --request PATCH "https://$instanceId.id.nevis.cloud/nevis/api/v1/applications/$applicationId" \
--header "Authorization: Bearer $accessKey" \
--header "Content-Type: application/json"
spa
application request body
{
"spa": {
"allowedReturnUris": [
"https://your-company.com/callback"
]
}
}
webOauth
application request body
{
"webOauth": {
"allowedReturnUris": [
"https://your-company.com/callback"
]
}
}
nat
application request body
{
"nat": {
"allowedReturnUris": [
"https://your-company.com/callback"
]
}
}
s2s
application request body
{
"s2s": {
"accessTokenLifetime" : "2m"
}
}
webSaml
application request body
{
"webSaml": {
"issuer": "https://sp.your-company.com",
"assertionConsumerServiceUrl": "https://sp.your-company.com/login/saml2/sso/"
}
}
webSaml
application with X509 Signer Certificate request body
{
"webSaml": {
"issuer": "https://sp.your-company.com",
"assertionConsumerServiceUrl": "https://sp.your-company.com/login/saml2/sso/",
"x509SignerCertificate": "-----BEGIN CERTIFICATE-----\nyour-x509-signer-certificate\n-----END CERTIFICATE-----"
}
}
HTTP response
On success
HTTP/1.1 200
is returned if the application is successfully updated.
The response contains all attributes of the application. If application type is
- Single-page application the response is spa object
- Regular web application the response is webOauth object
- Native application the response is nat object
- Server-to-server application the response is s2s object
- Regular web application the response is webSaml object
On failure
HTTP/1.1 401
is returned if the authorization fails due to an invalid access key.
HTTP/1.1 404
is returned if the application with given id is not found.
HTTP/1.1 422
is returned if invalid request content is given.
HTTP/1.1 500
is returned if an unexpected error occurs.