OIDC API Authentication
Equinix APIs use the OAuth 2.0 protocol to authenticate the requests of your OIDC user to API endpoints. To interact with Equinix APIs, you need a bearer access token.
Prerequisites
- An OIDC provider.
- An OIDC ID token from your registered OIDC provider.
- Product- or service-specific permissions to specify the scope of the API access token. You need:
  - ern:<access-policy-ern> where <access-policy-ern> is a single access policy that has been granted to the principal.
  - roleassignments:<org-id> where <org-id> is the organization ID where the OIDC principal has assigned roles.
  - projectpolicies:<project-id> where <project-id> is a project ID where the OIDC principal has been granted an access policy or access policies.
  - orgpolicies:<org-id> where <org-id> is an organization ID where the principal has been granted an access policy or access policies.
  - orgpolicies:<org-id> roleassignments:<org-id> where <org-id> is an organization ID where the principal has been granted both roles and access policies.
For more information, see Access Control Scopes.
Request an access token
To request a bearer access token, send a POST request to the /v1/token endpoint.
In the request body, specify:
- grant_type - Use urn:ietf:params:oauth:grant-type:token-exchange to receive an access token.
- scope (required) - Provide the scope. The permissions granted by the token are checked against whether the principal has been granted the appropriate roles or access policies. For more information, see Access Control Scopes.
- subject_token - The OIDC ID token.
- subject_token_type - Use urn:ietf:params:oauth:token-type:id_token, which identifies your subject_token as an OIDC ID token.
Sample cURL request:
curl -X POST 'https://sts.eqix.equinix.com/v1/token' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:id_token' \
--data-urlencode 'scope=<role_or_access_policy>' \
--data-urlencode 'subject_token=<oidc_id_token>'
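The same request body, built with client-side pre-flight checks (an added example, not Equinix code): it refuses scopes that do not match the forms listed earlier on this page and ID tokens that are already expired, before anything is sent. The function names, the 30-second min_ttl margin and the unsigned sample token are assumptions made for illustration.

```python
import base64, json, time
from urllib.parse import urlencode

TOKEN_URL = "https://sts.eqix.equinix.com/v1/token"   # endpoint from the page
SCOPE_PREFIXES = ("ern", "roleassignments", "projectpolicies", "orgpolicies")

def check_scope(scope):
    """Accept only the scope forms the page lists; reject unfilled <placeholders>."""
    parsed = []
    for part in scope.split():
        prefix, _, value = part.partition(":")
        if prefix not in SCOPE_PREFIXES or not value or "<" in value:
            raise ValueError(f"unrecognised scope {part!r}")
        parsed.append((prefix, value))
    if len(parsed) == 1:
        return scope.strip()
    # The only multi-scope form on the page: orgpolicies + roleassignments, one org.
    if [p for p, _ in parsed] == ["orgpolicies", "roleassignments"] \
            and parsed[0][1] == parsed[1][1]:
        return " ".join(scope.split())
    raise ValueError("scope must be one of the listed forms")

def unverified_claims(id_token):
    """Decode the JWT payload for a local sanity check; this verifies no signature."""
    try:
        payload = id_token.split(".")[1]
        return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (IndexError, ValueError) as exc:
        raise ValueError("subject_token is not a JWT") from exc

def build_token_request(id_token, scope, now=None, min_ttl=30):
    """Return (url, headers, body) for the token exchange, failing closed on bad input."""
    now = time.time() if now is None else now
    claims = unverified_claims(id_token)
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp - now < min_ttl:
        raise ValueError("ID token is expired or about to expire")
    body = urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
        "scope": check_scope(scope),
        "subject_token": id_token,
    })
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body

def sample_id_token(exp):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"sub": "ci-job", "exp": exp}), "sig"])
```

The returned body carries the ID token, so keep it out of logs and shell history the same way you would the resulting access token.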
Using access tokens
To interact with Equinix APIs, send your access token in the Authorization header of the HTTP request: Authorization: Bearer <token>.