CRUD Operations for an Apple IdP
Learn how to create, read, update, and delete an Apple IdP.
1. Getting an Admin Access Token
- Sign in with an administrator account.
- Select Profile and choose a user profile.
- Select Tokens and keys.
- Go to My access tokens.
- Choose the Identity Domain Administrator role and enter the desired token expiry.
- Select Download token.
2. Creating an Apple IdP
POST /admin/v1/SocialIdentityProviders Request Example
curl --location '<domain URL>/admin/v1/SocialIdentityProviders' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Admin Access Token>' \
--data '{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "<displayName>",
"description": "Apple identity provider",
"serviceProviderName": "Apple",
"consumerKey": "<clientId>",
"consumerSecret": "<privateKey>",
"appleKeyId": "<keyId>",
"appleDevId": "<devId>",
"enabled": true,
"accountLinkingEnabled": true,
"showOnLogin": true,
"registrationEnabled": true,
"idAttribute": "email",
"meta": {
"resourceType": "SocialIdentityProvider"
}
}'
Response Example
{
"idcsCreatedBy": {
"type": "User",
"display": "Jane Doe",
"value": "WcwrqV0UT2uh6Ey15uANkJV3vfwFh",
"ocid": "ocid1.user.<unique OCID identifier>",
"$ref": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/Users/WcwrqV0UT2uh6Ey15uANkJV3vfwFh"
},
"id": "R2ZTZhw77D45vzEwT8wqJ0kaPAmQx",
"meta": {
"created": "2025-03-04T17:24:14.676Z",
"lastModified": "2025-03-04T17:24:14.676Z",
"version": "WcwrqV0UT2uh6Ey15uANkJV3vfwFhr",
"resourceType": "IdentityProvider",
"location": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/IdentityProviders/R2ZTZhw77D45vzEwT8wqJ0kaPAmQx"
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "35qy6PAWyYmdpX1SzHv7vXJKdyp7K7",
"display": "Jane Doe",
"ocid": "ocid1.user.<unique OCID identifier>",
"type": "User",
"$ref": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/Users/WcwrqV0UT2uh6Ey15uANkJV3vfwFh"
},
"partnerName": "TestApple",
"shownOnLoginPage": true,
"description": "Apple identity provider",
"ocid": "ocid1.domainidentityprovider.region1.sea.Uy8JqwW77cwmbvXqp7QNpZUJjYWSSbzc9ksduqerh65k",
"domainOcid": "ocid1.domain.region1..Uy8JqwW77cwmbvXqp7QNpZUJjYWSSbzc9eoij2jgp66e54adfherh5562",
"compartmentOcid": "ocid1.tenancy.region1..pZUJjYWSSbzc9eoij2wW77cwmbvXqp7QNjgp66e54adfherh5562Uy8Jq",
"tenancyOcid": "ocid1.tenancy.region1..pZUJjYWSSbzc9eoij2wW77cwmbvXqp7QNjgp66e54adfherh5562Uy8Jq",
"appleKeyId": "<keyId>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"appleDevId": "<devId>",
"serviceProviderName": "Apple",
"consumerSecret": "<privateKey>",
"idAttribute": "email",
"consumerKey": "<clientId>",
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "TestApple",
"showOnLogin": true
}
3. Getting an Apple IdP
GET /admin/v1/SocialIdentityProviders Request Example
curl --location --get '<domain URL>/admin/v1/SocialIdentityProviders' \
--data-urlencode 'filter=name eq "<displayName>"' \
--header 'Authorization: Bearer <Admin Access Token>'
Response Example
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"Resources": [
{
"idcsCreatedBy": {
"type": "User",
"display": "Jane Doe",
"value": "WcwrqV0UT2uh6Ey15uANkJV3vfwFh",
"ocid": "ocid1.user.<unique OCID identifier>",
"$ref": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/Users/WcwrqV0UT2uh6Ey15uANkJV3vfwFh"
},
"id": "R2ZTZhw77D45vzEwT8wqJ0kaPAmQx",
"meta": {
"created": "2025-03-04T17:24:14.676Z",
"lastModified": "2025-03-04T17:24:14.676Z",
"version": "WcwrqV0UT2uh6Ey15uANkJV3vfwFhr",
"resourceType": "IdentityProvider",
"location": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/IdentityProviders/R2ZTZhw77D45vzEwT8wqJ0kaPAmQx"
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "WcwrqV0UT2uh6Ey15uANkJV3vfwFh",
"display": "Jane Doe",
"ocid": "ocid1.user.<unique OCID identifier>",
"type": "User",
"$ref": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/Users/WcwrqV0UT2uh6Ey15uANkJV3vfwFh"
},
"description": "Apple identity provider",
"ocid": "ocid1.domainidentityprovider.region1.sea.Uy8JqwW77cwmbvXqp7QNpZUJjYWSSbzc9ksduqerh65k",
"domainOcid": "ocid1.domain.<unique OCID identifier>",
"compartmentOcid": "ocid1.tenancy.<unique OCID identifier>",
"tenancyOcid": "ocid1.tenancy.<unique OCID identifier>",
"appleKeyId": "<keyId>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"appleDevId": "<devId>",
"serviceProviderName": "Apple",
"consumerSecret": "<privateKey>",
"idAttribute": "email",
"consumerKey": "<clientId>",
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "TestApple",
"showOnLogin": true
}
],
"startIndex": 1,
"itemsPerPage": 50
}
4. Updating an Apple IdP
PATCH /admin/v1/SocialIdentityProviders/<id> Request Example
Send a GET request first and record the ID of the Apple IdP from the response.
curl --location --request PATCH '<domain URL>/admin/v1/SocialIdentityProviders/<id>' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Admin Access Token>' \
--data '
{
"Operations": [
{
"op": "replace",
"path": "appleKeyId",
"value": "<newKeyId>"
},
{
"op": "replace",
"path": "appleDevId",
"value": "<newDevId>"
},
{
"op": "replace",
"path": "consumerSecret",
"value": "<newPrivateKey>"
},
{
"op": "replace",
"path": "consumerKey",
"value": "<newClientId>"
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}'
Response Example
{
"idcsCreatedBy": {
"type": "User",
"display": "Jane Doe",
"value": "R2ZTZhw77D45vzEwT8wqJ0kaPAmQxMmRK",
"ocid": "ocid1.user.<unique OCID identifier>",
"$ref": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/Users/WcwrqV0UT2uh6Ey15uANkJV3vfwFh"
},
"id": "R2ZTZhw77D45vzEwT8wqJ0kaPAmQx",
"meta": {
"created": "2025-03-04T17:24:14.676Z",
"lastModified": "2025-03-04T21:13:23.067Z",
"version": "6vSi7QqSmzerUMT5KqddRGt8EyMnvPA2G",
"resourceType": "IdentityProvider",
"location": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/IdentityProviders/R2ZTZhw77D45vzEwT8wqJ0kaPAmQx"
},
"enabled": true,
"idcsLastModifiedBy": {
"value": "WcwrqV0UT2uh6Ey15uANkJV3vfwFh",
"display": "Jane Doe",
"ocid": "ocid1.user.<unique OCID identifier>",
"type": "User",
"$ref": "https://<IdentityDomainID>.identity.oraclecloud.com:443/admin/v1/Users/WcwrqV0UT2uh6Ey15uANkJV3vfwFh"
},
"partnerName": "TestApple",
"shownOnLoginPage": true,
"description": "Apple identity provider",
"ocid": "ocid1.domainidentityprovider.region1.sea.Uy8JqwW77cwmbvXqp7QNpZUJjYWSSbzc9ksduqerh65k",
"domainOcid": "ocid1.domain.region1..Uy8JqwW77cwmbvXqp7QNpZUJjYWSSbzc9eoij2jgp66e54adfherh5562",
"compartmentOcid": "ocid1.tenancy.region1..pZUJjYWSSbzc9eoij2wW77cwmbvXqp7QNjgp66e54adfherh5562Uy8Jq",
"tenancyOcid": "ocid1.tenancy.region1..pZUJjYWSSbzc9eoij2wW77cwmbvXqp7QNjgp66e54adfherh5562Uy8Jq",
"appleKeyId": "<newKeyId>",
"accountLinkingEnabled": true,
"registrationEnabled": true,
"appleDevId": "<newDevId>",
"serviceProviderName": "Apple",
"consumerSecret": "<newPrivateKey>",
"idAttribute": "email",
"consumerKey": "<newClientId>",
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:SocialIdentityProvider"
],
"name": "TestApple",
"showOnLogin": true
}
5. Deleting an Apple IdP
DELETE /admin/v1/SocialIdentityProviders/<id> Request Example
- Send a GET request first and then record the ID of the Apple IdP from the response.
- Remove any social users associated with this IdP and remove this IdP from IdP policies.
- Disable this IdP with a PATCH call. The following is an example of a PATCH call.
{
"Operations": [
{
"op": "replace",
"path": "enabled",
"value": false
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}
curl --location --request DELETE 'https://<IdentityDomainID>.identity.oraclecloud.com/admin/v1/SocialIdentityProviders/<id>' \
--header 'Authorization: Bearer <Admin Access Token>'
Response Example
204 No Content
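The deletion sequence above (look up the ID, disable, delete) as one script. This is an added example, not part of the original documentation. It assumes `DOMAIN_URL` and `TOKEN_FILE` are set by the caller, that `TOKEN_FILE` holds only the raw admin access token, and that `curl` and `jq` are installed; the function names are hypothetical.

```shell
# Added example: look up, disable, then delete an Apple IdP.
# Assumptions: DOMAIN_URL and TOKEN_FILE are exported by the caller, TOKEN_FILE
# holds only the raw admin access token, and curl and jq are installed.

# Emit a curl config line carrying the bearer token. curl reads it on stdin,
# so the token never appears in the process argument list.
auth_config() {
  printf 'header = "Authorization: Bearer %s"\n' "$(tr -d '\r\n' < "$1")"
}

# SCIM PatchOp body that sets "enabled" to the given boolean.
enabled_patch() {
  printf '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],'
  printf '"Operations":[{"op":"replace","path":"enabled","value":%s}]}' "$1"
}

# Authenticated call that fails on an HTTP error status.
api() {
  auth_config "$TOKEN_FILE" | curl --silent --show-error --fail --config - "$@"
}

# Resolve the IdP id by name; stop unless exactly one IdP matches.
lookup_idp_id() {
  # A double quote in the name would break out of the SCIM filter string.
  case $1 in *\"*) echo "name must not contain a double quote" >&2; return 1;; esac
  resp=$(api --get "$DOMAIN_URL/admin/v1/SocialIdentityProviders" \
    --data-urlencode "filter=name eq \"$1\"") || return 1
  [ "$(printf '%s' "$resp" | jq -r '.totalResults')" = "1" ] || {
    echo "expected exactly one IdP named $1" >&2; return 1; }
  printf '%s' "$resp" | jq -r '.Resources[0].id'
}

# Disable first, then delete. Removing social users and IdP policy references
# (the second step in the list above) is done separately beforehand.
remove_idp() {
  id=$(lookup_idp_id "$1") || return 1
  api --request PATCH "$DOMAIN_URL/admin/v1/SocialIdentityProviders/$id" \
    --header 'Content-Type: application/json' \
    --data "$(enabled_patch false)" >/dev/null || return 1
  api --request DELETE "$DOMAIN_URL/admin/v1/SocialIdentityProviders/$id"
}
```

Source the file, export `DOMAIN_URL` and `TOKEN_FILE`, then run `remove_idp "<displayName>"`; a non-zero exit status means a step failed and the later steps were not attempted.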