OIDC API authentication
Equinix APIs use the OAuth 2.0 protocol to authenticate requests from your OIDC user to API endpoints. To interact with Equinix APIs, you need a bearer access token.
Prerequisites
- An OIDC provider.
- An OIDC ID token issued by your registered OIDC provider.
- A product- or service-specific permission that determines the scope of the API access token. One of the following is required:
  - ern:<access-policy-ern>, where <access-policy-ern> is a single access policy that has been granted to the principal.
  - roleassignments:<org-id>, where <org-id> is the organization ID in which the OIDC principal has assigned roles.
  - projectpolicies:<project-id>, where <project-id> is a project ID in which the OIDC principal has been granted one or more access policies.
  - orgpolicies:<org-id>, where <org-id> is an organization ID in which the principal has been granted one or more access policies.
  - orgpolicies:<org-id> roleassignments:<org-id>, where <org-id> is an organization ID in which the principal has been granted both roles and access policies.
For more information, see Access Control Scopes.
Requesting an access token
To request a bearer access token, send a POST request to the /v1/token endpoint of the Equinix STS (https://sts.eqix.equinix.com/v1/token in the sample below). This is an OAuth 2.0 token exchange (RFC 8693): your OIDC ID token is the subject token, and the Equinix access token is what comes back.
In the request body, send:
- grant_type - Use urn:ietf:params:oauth:grant-type:token-exchange to receive an access token.
- scope (required) - Provide the scope. The permissions granted by the token are checked against whether the principal has been granted the appropriate roles or access policies. For more information, see Access Control Scopes.
- subject_token - The OIDC ID token.
- subject_token_type - Use urn:ietf:params:oauth:token-type:id_token, which identifies your subject_token as an OIDC ID token.
Sample cURL request:
curl -X POST 'https://sts.eqix.equinix.com/v1/token' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:id_token' \
--data-urlencode 'scope=<role_or_access_policy>' \
--data-urlencode 'subject_token=<oidc_id_token>'
Using the access token
To interact with Equinix APIs, send your access token in the Authorization header of each HTTP request as Authorization: Bearer <token>. The token is a bearer credential: anyone who holds it can act within its scope, so send it only over HTTPS and keep it out of logs, URLs and shell history.
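The token request and its use in the Authorization header, as an added worked example that is not part of the Equinix documentation or its SDKs. It builds the same four form parameters the cURL sample sends, validates the scope string against the forms listed under Prerequisites, refuses to send an ID token that has already expired, and wraps the returned token in the Bearer header. Two things are assumed rather than stated on the page: that the STS reply is JSON shaped as in RFC 8693 section 2.2.1 (an access_token and a token_type field), and that the ID token is a JWT with a standard exp claim. The ID token and the STS reply used by demo() are constructed here so the example runs offline.

```python
"""Added example (not Equinix's own code): build the token-exchange request
described above, pull the access token out of the response, and form the
Authorization header for API calls. Assumptions not on the page: the STS
reply is JSON shaped as in RFC 8693 section 2.2.1 ("access_token",
"token_type"), and the OIDC ID token is a JWT with a standard "exp" claim.
The ID token and STS reply used by demo() are constructed for offline use."""
import base64
import io
import json
import re
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

STS_URL = "https://sts.eqix.equinix.com/v1/token"
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
SUBJECT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token"

# The scope forms listed under Prerequisites; IDs are opaque, non-empty and
# whitespace-free, and the combined form must name the same org on both sides.
_ID = r"\S+"
SCOPE_PATTERNS = [
    re.compile(rf"^ern:{_ID}$"),
    re.compile(rf"^roleassignments:{_ID}$"),
    re.compile(rf"^projectpolicies:{_ID}$"),
    re.compile(rf"^orgpolicies:{_ID}$"),
    re.compile(rf"^orgpolicies:({_ID}) roleassignments:\1$"),
]

def is_valid_scope(scope: str) -> bool:
    """True if scope matches one of the documented scope forms."""
    return any(p.match(scope) for p in SCOPE_PATTERNS)

def jwt_payload(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying it; used only to skip sending a
    stale token. The STS, not this client, verifies the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def id_token_is_live(token: str, now=None, skew=30) -> bool:
    """False if the ID token is expired or within `skew` seconds of expiry."""
    now = time.time() if now is None else now
    exp = jwt_payload(token).get("exp")
    return exp is not None and now < exp - skew

def build_token_exchange_request(id_token: str, scope: str) -> Request:
    """Form-encode the four parameters the page lists for POST /v1/token."""
    if not is_valid_scope(scope):
        raise ValueError(f"scope {scope!r} is not one of the documented forms")
    if not id_token_is_live(id_token):
        raise ValueError("OIDC ID token expired or about to expire; get a fresh one")
    body = urlencode({
        "grant_type": GRANT_TYPE,
        "subject_token_type": SUBJECT_TOKEN_TYPE,
        "scope": scope,
        "subject_token": id_token,
    }).encode()
    return Request(STS_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})

def parse_token_response(raw: bytes) -> str:
    """Return the access token from an (assumed) RFC 8693-style JSON reply."""
    resp = json.loads(raw)
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type {resp.get('token_type')!r}")
    return resp["access_token"]

def bearer_header(access_token: str) -> dict:
    """Header for every Equinix API call; send only over HTTPS, never log it."""
    return {"Authorization": f"Bearer {access_token}"}

def exchange(id_token: str, scope: str, opener=urlopen) -> str:
    """Full flow: validate inputs, POST to the STS, return the access token."""
    with opener(build_token_exchange_request(id_token, scope)) as resp:
        return parse_token_response(resp.read())

def make_demo_id_token(claims: dict) -> str:
    """Constructed, UNSIGNED JWT for offline demonstration only. A real IdP
    signs its ID tokens and the STS rejects anything unsigned."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."

def _fake_urlopen(request: Request) -> io.BytesIO:
    """Stand-in for urlopen() so demo() runs offline; the reply is constructed."""
    return io.BytesIO(b'{"access_token": "demo-access-token", "token_type": "Bearer"}')

def demo() -> dict:
    """Offline end-to-end run; returns the header you would attach to API calls."""
    id_token = make_demo_id_token({"sub": "oidc-user", "exp": 4102444800})
    token = exchange(id_token, "orgpolicies:org-1 roleassignments:org-1",
                     opener=_fake_urlopen)
    return bearer_header(token)
```

To use it against the real STS, call exchange(id_token, scope) with the default opener and a signed ID token from your provider; the client-side exp check only saves a round trip, and the scope check only catches typos in the scope forms, since the STS is what actually verifies the token and the principal's roles or policies.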