EmpowerID is an extendable Identity and Access Management (IAM), Single Sign-On and workflow development platform that uses thousands of workflow operations with real-time access checks to give organizations the security tools needed to control who can do what, where and when with their resources. Through its Web API, you the developer, can access and extend these features in your own applications. The API is built on the principles of REST and is organized around the components (resource objects, like user accounts, EmpowerID people, Exchange mailboxes, workflows, etc.,) of the EmpowerID platform.
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"16915561","collectionId":"4999cffd-6d71-4064-9b97-5de9e9645775","publishedId":"Tzsfnkrf","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"publishDate":"2021-08-02T16:24:18.000Z"},"item":[{"name":"Authentication Protocols","item":[{"name":"OpenID Connect Metadata Document","id":"161d9f76-4502-4036-867e-f3ea90428bd1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"https://YOUR_DOMAIN/oauth/.well-known/openid-configuration","description":"The OpenID Connect metadata document describes the URL information required for an application to sign in, as well as to obtain basic profile information about the end-user.
\n","urlObject":{"protocol":"https","path":["oauth",".well-known","openid-configuration"],"host":["YOUR_DOMAIN"],"query":[],"variable":[]}},"response":[{"id":"9d058e87-d4e8-482b-bf8e-f72c00e9ddf9","name":"OpenID Connect Metadata Document","originalRequest":{"method":"GET","header":[],"url":"https://sso.empoweriam.com/oauth/.well-known/openid-configuration"},"_postman_previewlanguage":"json","header":null,"cookie":[],"responseTime":null,"body":"{\n \"issuer\": \"https://sso.empoweriam.com/oauth\",\n \"jwks_uri\": \"https://sso.empoweriam.com/oauth/.well-known/jwks\",\n \"authorization_endpoint\": \"https://sso.empoweriam.com/oauth/v2/ui/authorize\",\n \"device_authorization_endpoint\": \"https://sso.empoweriam.com/oauth/v2/device/authorize\",\n \"token_endpoint\": \"https://sso.empoweriam.com/oauth/v2/token\",\n \"userinfo_endpoint\": \"https://sso.empoweriam.com/oauth/v2/userinfo\",\n \"tokeninfo_endpoint\": \"https://sso.empoweriam.com/oauth/v2/tokeninfo\",\n \"permission_endpoint\": \"https://sso.empoweriam.com/oauth/v2/uma/permission\",\n \"resource_registration_endpoint\": \"https://sso.empoweriam.com/api/services/v1/umaresource\",\n \"tokenrevoke_endpoint\": \"https://sso.empoweriam.com/oauth/v2/tokenrevoke\",\n \"frontchannel_logout_supported\": true,\n \"end_session_endpoint\": \"https://sso.empoweriam.com/oauth/v2/ui/logout\",\n \"check_session_iframe\": \"https://sso.empoweriam.com/oauth/v2/ui/checksession\",\n \"scopes_supported\": [\n \"openid\",\n \"profile\",\n \"email\"\n ],\n \"claims_supported\": [\n \"aud\",\n \"iss\",\n \"iat\",\n \"exp\",\n \"auth_time\",\n \"nonce\"\n ],\n \"response_types_supported\": [\n \"code\",\n \"token\",\n \"id_token\",\n \"id_token token\",\n \"code id_token\",\n \"code token\",\n \"code id_token token\"\n ],\n \"grant_types_supported\": [\n \"authorization_code\",\n \"device_code\",\n \"client_credentials\",\n \"password\",\n \"refresh_token\",\n \"implicit\",\n \"urn:ietf:params:oauth:grant-type:saml2-bearer\",\n \"urn:ietf:params:oauth:grant-type:certificate-bearer\",\n \"urn:ietf:params:oauth:grant-type:impersonate-bearer\",\n \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\n \"urn:ietf:params:oauth:grant-type:token-exchange\",\n \"urn:ietf:params:oauth:grant-type:uma-ticket\"\n ],\n \"subject_types_supported\": [\n \"public\"\n ],\n \"id_token_signing_alg_values_supported\": [\n \"RS256\"\n ],\n \"token_endpoint_auth_methods_supported\": [\n \"client_secret_post\",\n \"client_secret_basic\"\n ]\n}"}],"_postman_id":"161d9f76-4502-4036-867e-f3ea90428bd1"},{"name":"OpenID Connect Web Keys","id":"bdd8411f-e162-4fc2-8c0c-10b3b87a6a27","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"https://YOUR_DOMAIN/oauth/.well-known/jwks","description":"The JWKS URI returns the list of signing key(s) containing the public key(s) used to validate a JWT token issued by the authorization server. It includes the kid of the signing key to indicate to the verifier which key should be used to validate the signature.
\n","urlObject":{"protocol":"https","path":["oauth",".well-known","jwks"],"host":["YOUR_DOMAIN"],"query":[],"variable":[]}},"response":[{"id":"d4cc754d-b541-430f-b610-27e680f759df","name":"OpenID Connect Web Keys","originalRequest":{"method":"GET","header":[],"url":"https://sso.empoweriam.com/oauth/.well-known/jwks"},"_postman_previewlanguage":"json","header":null,"cookie":[],"responseTime":null,"body":"{\n \"keys\": [\n {\n \"kty\": \"RSA\",\n \"alg\": \"RS256\",\n \"use\": \"sig\",\n \"kid\": \"_lq2NHEiFgQ7UhAVVNiQJ63cnYs\",\n \"x5t\": \"_lq2NHEiFgQ7UhAVVNiQJ63cnYs\",\n \"e\": \"AQAB\",\n \"n\": \"iAK5mwueGN3FD8Qect_LwQ5z554v2_3iP-ojLkoZwafszv5YLoyuTEHvOJeCspTf-YDwwKZ8tobAIl50pN0652QbBKIaimk0erQpFPyEQmN56B9JYAqU2sMFlczmYdbpqOH0uaQwi3ZYahGwAF2vF0hUz0r_X5yuDPZytVABBT4LkqKY3U_f1t0oQrmABCZmEZl_QETdQweVzKklR8x_ypnhl0OQgYExxZ8Dz8_j4bft3CfLZyKd_d8R4LVH_ssKUDX8WqrJFSMZU-iEVSN-xL8xHlOsq16dAB5TUUFC-fApDyoz3Ty5yhCyfbWoAVkXriXLZFa-2m7WS6_AVfADhw\",\n \"x5c\": [\n \"MIIC/zCCAeegAwIBAgIITkVwDg+Dp5IwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UEAwwbRW1wb3dlcklEIE9BdXRoIENlcnRpZmljYXRlMB4XDTE5MDYyMTAwMDAwMFoXDTIxMDYyMTAwMDAwMFowJjEkMCIGA1UEAwwbRW1wb3dlcklEIE9BdXRoIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAK5mwueGN3FD8Qect/LwQ5z554v2/3iP+ojLkoZwafszv5YLoyuTEHvOJeCspTf+YDwwKZ8tobAIl50pN0652QbBKIaimk0erQpFPyEQmN56B9JYAqU2sMFlczmYdbpqOH0uaQwi3ZYahGwAF2vF0hUz0r/X5yuDPZytVABBT4LkqKY3U/f1t0oQrmABCZmEZl/QETdQweVzKklR8x/ypnhl0OQgYExxZ8Dz8/j4bft3CfLZyKd/d8R4LVH/ssKUDX8WqrJFSMZU+iEVSN+xL8xHlOsq16dAB5TUUFC+fApDyoz3Ty5yhCyfbWoAVkXriXLZFa+2m7WS6/AVfADhwIDAQABozEwLzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBotQvLAxfc15JSxF3794N7uhAT8cF2tbl6I5Z1noP1PBKO/2dibUzpGViBYLNE4G3PQF2ezDIsnoIfQnrdebZR3PxHHAvTjd+hSOCxUNRPi6PpeZCwPAw1DaJhbKSoYzamgOLbQHTFhXiIAmoKTI3PkV94o6NEIsv5xTfaffRqXmmCygQjlf4U7odeMNsAJKC650FnFc6KWzcUgfuE836yI1M2fS1OI/1o16QJzpYRPsfp4T1p2+59urzj17kFuU6Fm3/osxcMWlpBdg2K6pQzSnEm+83RfFdEf8yCkf0yroo4rqpMCDTKaNekrK5LuxtfRdP64H2jJI3nTwPgAGMD\"\n ]\n },\n {\n \"kty\": \"RSA\",\n \"alg\": \"RS256\",\n \"use\": \"sig\",\n \"kid\": \"TpgSXgdSWcJ52kaVhAcl874hG30\",\n \"x5t\": \"TpgSXgdSWcJ52kaVhAcl874hG30\",\n \"e\": \"AQAB\",\n \"n\": \"xrTTSQ4tZfF8LKlBXw2mE4QM5qrI6Efsysj1KV9N8KHMsBLAsRiZNK4XN-u0hHffUwF5qzYLgOjak8Y3CGURX1TDdDWczbEen9uk4cKabL_nkj7CF0k6pkPHHnWbfBu1XEFgUaSPVBh_IVQ_UYyPDxrwItOPCCTqlSUSJgKZeanZ0Uwy-6aaIkelwGYwrDFXKITHJJIBQw0eW9ydJ2HX3GMCQ1_w2j26McXtcMF5J7Bhv89HTy-XPs8cJyqpQQBG6gc16G4WoY6q6_yWvLcA3UBtToBkRwCnFc4is8YIL3Zd86JrehWebLzDArqP8TjBFdcjgCK4mtkFZKmI0kc-xAMTv0DmFQSBKcSVUS1_1tzrBMxI5yoOB-YRWSDRdop9kmmuKX805lM8VAjdYaUTdINptSgxNo_YZQcmVBakDLXpMi8SZy4q-db1TpRuqiMbpFiz9V_5z2mYz4gQKCESFJd5eho7ANkGlDIqwzA4BUdGJ3wg9tapXUT4diZPcCNsUbNnctV6GN5La6P35jatc0HTXuQqHyU-8T3CxB-gSMomZIfJdJhAMCTP7c68MsTgyT6QGY3Vw_b9ZHZzh-_76pahKVJQIYQNkv8M_vWXr3Q_6WPbsdb5t7vw_hX-u0YlMCT9ce8fS4pqglXANkOWhGPWEzRFx4oqKjrS_FDGnXs\",\n \"x5c\": [\n \"MIIHPjCCBiagAwIBAgIII0/Fkt2SJQwwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjEwMTE4MTgyNzM5WhcNMjIwMjE5MTgyNzM5WjA+MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGTAXBgNVBAMMECouZW1wb3dlcmlhbS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGtNNJDi1l8XwsqUFfDaYThAzmqsjoR+zKyPUpX03wocywEsCxGJk0rhc367SEd99TAXmrNguA6NqTxjcIZRFfVMN0NZzNsR6f26Thwppsv+eSPsIXSTqmQ8cedZt8G7VcQWBRpI9UGH8hVD9RjI8PGvAi048IJOqVJRImApl5qdnRTDL7ppoiR6XAZjCsMVcohMckkgFDDR5b3J0nYdfcYwJDX/DaPboxxe1wwXknsGG/z0dPL5c+zxwnKqlBAEbqBzXobhahjqrr/Ja8twDdQG1OgGRHAKcVziKzxggvdl3zomt6FZ5svMMCuo/xOMEV1yOAIria2QVkqYjSRz7EAxO/QOYVBIEpxJVRLX/W3OsEzEjnKg4H5hFZINF2in2Saa4pfzTmUzxUCN1hpRN0g2m1KDE2j9hlByZUFqQMtekyLxJnLir51vVOlG6qIxukWLP1X/nPaZjPiBAoIRIUl3l6GjsA2QaUMirDMDgFR0YnfCD21qldRPh2Jk9wI2xRs2dy1XoY3ktro/fmNq1zQdNe5CofJT7xPcLEH6BIyiZkh8l0mEAwJM/tzrwyxODJPpAZjdXD9v1kdnOH7/vqlqEpUlAhhA2S/wz+9ZevdD/pY9ux1vm3u/D+Ff67RiUwJP1x7x9LimqCVcA2Q5aEY9YTNEXHiioqOtL8UMadewIDAQABo4ICxzCCAsMwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0yNjI1LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMCsGA1UdEQQkMCKCECouZW1wb3dlcmlhbS5jb22CDmVtcG93ZXJpYW0uY29tMB0GA1UdDgQWBBSGAeLUwkKmDeUNDq6EfDjOmoqSvDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABdxbAqC8AAAQDAEcwRQIhAMnR2tFz6oDCUvwDs0bRFxQFUsM0TBoeZgxsjIJtCmh9AiBEaiqq691DTon+zHNCAG/NeoX3aiwsyiDSHZJM0o7XlgB2ACJFRQdZVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABdxbAqWcAAAQDAEcwRQIhANigXTAcOB28Zr9jYdLRzaCo0TlmKX3N3GfI3IuqrDQDAiB3wAWEBOl9YfIdza5dk6oX82MVLEwjMPqLfAkqWbz1EjANBgkqhkiG9w0BAQsFAAOCAQEAuWmdvBjL7u8fw5HUwc85MmMX/ZmZkjdbU59VP14r+C+RZN6MzsZFHSsD2N06OXlTIDf/Tc2TF0tpQShWVKebj8zI5t5fomTSBX3/MLp00YEKb0mR9aGzMlw2G8c0N3gR5f/kFUiggukgSt4TmQhFgvJBipvPFkTQ6lWbZ1BCD1jSBqjc1YwQDkIgoNJ0I6qABkS3mzNR/fl3HkOd4PkNetcocxkfuiUkLoIXx7UFaGWgmEnp73ZSTKOPYaT54FpqdyRG52mcuvohV9KFwK60M8ijLAHO16ZhU2ob0euO5VUUKu/V7r2x9C6X7d7TGhhfo6xvUTCStxBhtZahkRJSrw==\"\n ]\n },\n {\n \"kty\": \"RSA\",\n \"alg\": \"RS256\",\n \"use\": \"sig\",\n \"kid\": \"3jaJpg7iYf8tDinNGobcK0_Ws44\",\n \"x5t\": \"3jaJpg7iYf8tDinNGobcK0_Ws44\",\n \"e\": \"AQAB\",\n \"n\": \"gx-FkcFVuVJBRPiaUrWz38k5mQdQp4FdwZ3aTJOf1Dj9WJ0JJVTcsbVUQ_OA39Pqg6rXmQLV6TaMyzIzmvEcc8UDf2U0EMlzPhWUV1lGZwDnvVb9913MQv6WJ9rPY9TeYoYYHX4VYWOPkvbM09Lt5WNwgwp4obyMeg1zuc0Wtj4gVeUmMoFgwGhgSznvBGNnC2oo4QEoGfrgUyonuDjeID7E6IkGWnd0wWCSwfUOw75ts0tptRQ8YPdMW8HoDlIaZo-ovuEnU-WrFom80Lm4FbFJc5Ts_HxUoXHj7bSQaSKP1WuYnu23Eb6_hrsdFEFtprQHBWG0MxDPx8B0Vsdviw\",\n \"x5c\": [\n \"MIIDEjCCAfqgAwIBAgIQGNJ+GYECN7xA/XvD1sHgIzANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydNaWNoYWVsLVdpbjE2LnRoZWRvdG5ldGZhY3RvcnkuaW50ZXJuYWwwHhcNMTgwNjAxMTQyNzQ0WhcNMTkwNjAxMDAwMDAwWjAyMTAwLgYDVQQDEydNaWNoYWVsLVdpbjE2LnRoZWRvdG5ldGZhY3RvcnkuaW50ZXJuYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDH4WRwVW5UkFE+JpStbPfyTmZB1CngV3BndpMk5/UOP1YnQklVNyxtVRD84Df0+qDqteZAtXpNozLMjOa8RxzxQN/ZTQQyXM+FZRXWUZnAOe9Vv33XcxC/pYn2s9j1N5ihhgdfhVhY4+S9szT0u3lY3CDCnihvIx6DXO5zRa2PiBV5SYygWDAaGBLOe8EY2cLaijhASgZ+uBTKie4ON4gPsToiQZad3TBYJLB9Q7Dvm2zS2m1FDxg90xbwegOUhpmj6i+4SdT5asWibzQubgVsUlzlOz8fFShcePttJBpIo/Va5ie7bcRvr+Gux0UQW2mtAcFYbQzEM/HwHRWx2+LAgMBAAGjJDAiMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAW7uC6Q2t8fhHBIW8/bfaBUkMpE5D0F0u0vWe9i6FUfidpTOlMh/HoTaggnbFpEXajvfPM6PwpIuel8xtfs4wESvZgjV9sBT7ItVaHI610VLG5swhCjMoJYyq7rTyBZ50BhJP8x1pEVeFCbHp+vNDsrOUuX4t156BMvUW84domffSqncG1BoyflwE+BrawO/lN3Uiy1U2Z5GhZaUVaHaTLiEeHBL4N4S9qq5Ei2ml/niviJgsAEhGIx9N3RZFreaUgAyABeo247j2I6WRrzXWZvWaIRjNR2cS8Q+xfTpWnICKg8cRRm7/fhMasbisl/IKgW5wpe/1IE0iX0REmyuubQ==\"\n ]\n },\n {\n \"kty\": \"RSA\",\n \"alg\": \"RS256\",\n \"use\": \"sig\",\n \"kid\": \"hAJOk3hqmJ_MtXHX4GQWnO4cpKM\",\n \"x5t\": \"hAJOk3hqmJ_MtXHX4GQWnO4cpKM\",\n \"e\": \"AQAB\",\n \"n\": \"sr1qLVDXYpeaIwMN6g1aDMZdlLCPIVSaRrcWuHybD5JvJ21gWoAnk05kAp5asnlD4xUg2JiGVe8yWJif1hSQiprfpTqsWSTEQxYzT-kPssbJtbMNcte8LJ8nCxZcsH5RSMiUK8gpQB4Cpp-jAcHXBzF8M9wAI-66KNR0Ue8qc-j3B7W0irWsLOfh76ituppdZmL-H4WRrwqyy-jzXYsadZk1I9xGdaX6_y0CKkWGeQ8vJ-oEezoXhIkVOJYC5CuK8Ihs7PsjXr1oF3kUCui4yyTb2CBGiZ2Tj82twGC7X_f1Z4fXJxbxcicAZU2NeMzMFNU0iLaI50MSB0oSJ6cl1ujfr4eiFPZkfs3c9zXhTauTZ7j5jB9B6MOC6x--U_J74n1csJ38oFIAVniAEGVXbeC2SEQX2CFJ2t6YGV_BiWj7LLdCJMG80oh-WcROmi2bapeOSdtH9hPSf2OZwP_fqylYMZ1CVZjbVwcMFX5BNNJDjVM_-sQ9c1UsCpD5Lojf8OC7HUAxO4JuSz-TlHfyohjuvHLYWwuhWnoFfOlWRPxw39Y1k7v0xTYTjGc8BmsBiApnkZL7JbHE333Y2jGJoDmR8MCkqAT3QokIfj0gsjmPvfiJBQGZ2ysEAkmYZ27f-Zc5BsXMdfw05X-7zB79EDbnu6Hq8Vr8bBR4xBwF_9M\",\n \"x5c\": [\n \"MIIGKzCCBROgAwIBAgIJAOEHwy0C7ul3MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE1MDYxMTE0NTc0MFoXDTE4MDEyMTE4NTYzOVowPjEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRkwFwYDVQQDDBAqLmVtcG93ZXJpYW0uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsr1qLVDXYpeaIwMN6g1aDMZdlLCPIVSaRrcWuHybD5JvJ21gWoAnk05kAp5asnlD4xUg2JiGVe8yWJif1hSQiprfpTqsWSTEQxYzT+kPssbJtbMNcte8LJ8nCxZcsH5RSMiUK8gpQB4Cpp+jAcHXBzF8M9wAI+66KNR0Ue8qc+j3B7W0irWsLOfh76ituppdZmL+H4WRrwqyy+jzXYsadZk1I9xGdaX6/y0CKkWGeQ8vJ+oEezoXhIkVOJYC5CuK8Ihs7PsjXr1oF3kUCui4yyTb2CBGiZ2Tj82twGC7X/f1Z4fXJxbxcicAZU2NeMzMFNU0iLaI50MSB0oSJ6cl1ujfr4eiFPZkfs3c9zXhTauTZ7j5jB9B6MOC6x++U/J74n1csJ38oFIAVniAEGVXbeC2SEQX2CFJ2t6YGV/BiWj7LLdCJMG80oh+WcROmi2bapeOSdtH9hPSf2OZwP/fqylYMZ1CVZjbVwcMFX5BNNJDjVM/+sQ9c1UsCpD5Lojf8OC7HUAxO4JuSz+TlHfyohjuvHLYWwuhWnoFfOlWRPxw39Y1k7v0xTYTjGc8BmsBiApnkZL7JbHE333Y2jGJoDmR8MCkqAT3QokIfj0gsjmPvfiJBQGZ2ysEAkmYZ27f+Zc5BsXMdfw05X+7zB79EDbnu6Hq8Vr8bBR4xBwF/9MCAwEAAaOCAbMwggGvMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtODcuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjArBgNVHREEJDAighAqLmVtcG93ZXJpYW0uY29tgg5lbXBvd2VyaWFtLmNvbTAdBgNVHQ4EFgQUyBuNC3cZH9tZTjKR9meaQ19v2/YwDQYJKoZIhvcNAQELBQADggEBAGkAOy25sxzLqW9tEiUWYwhPn/T4G8Gpc0NfHc4OeTn6hMqNnQuPDGdDrPNDfOm/UIc8yZCRNgCC4+NqUl/EzEucvZG8RfTthsjswwt5cJ0Aq889Xz3QQURN1kFq32pI24DXVA2EBhdtB59kQDY10w3QteDyrf50khx+5RhJBymJg1vmAjgst/RJzC1sdQ4cfvfWvcay/S0Wh6n2IOENBaXdfR5Qqjj4UolCJQDqF6KcHe9mJjoFlI9v9SPsl5IP45Pej9EKx/ZV0zVX/mk6UF/fI86v7syO0V1dHilrtiXYTqreUbZW1JiTivInbPcIJf9xhIFNosQu84FGD82zYLg=\"\n ]\n },\n {\n \"kty\": \"RSA\",\n \"alg\": \"RS256\",\n \"use\": \"sig\",\n \"kid\": \"STI802VLqhzG3yyuY58ROynr2KM\",\n \"x5t\": \"STI802VLqhzG3yyuY58ROynr2KM\",\n \"e\": \"AQAB\",\n \"n\": \"twOVIaNwb1i4_ky4x95CL0cipftXiogIWpzRzq4lLDE0goQTu2XKoeicfZBEvXmFkXo1Mlp0u-RZDm-PXMXG7L84_wL9MOhs2-GCBhjAfQwyvzbomYmJi_28p7qJxgp0kJ1TUWAqS385UM-6XEYE9xPZHYUJldEp_vrzrGt0A9rieLgsXb_RzY94t7mdazGalylDjw1XWWLVSwf582JLLDzwdMZpS6xhuMViMvwcFxUaP5tI8p2eeFulfWE4-rdhX5e3JnOc6ctX5n3of0TZEAn-bW83Fb-oEA0dVGjxlpOe_Um26YMu252QEh9qvzZkQ0xfUcOxP2LfqU-2_zwMgQ\",\n \"x5c\": [\n \"MIIC4zCCAcugAwIBAgIIVQMMkrhJylIwDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UEAwwNQVBJQXV0b21hdGlvbjAeFw0yMTA3MjkwMDAwMDBaFw0yMzA3MjkwMDAwMDBaMBgxFjAUBgNVBAMMDUFQSUF1dG9tYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3A5Uho3BvWLj+TLjH3kIvRyKl+1eKiAhanNHOriUsMTSChBO7Zcqh6Jx9kES9eYWRejUyWnS75FkOb49cxcbsvzj/Av0w6Gzb4YIGGMB9DDK/NuiZiYmL/bynuonGCnSQnVNRYCpLfzlQz7pcRgT3E9kdhQmV0Sn++vOsa3QD2uJ4uCxdv9HNj3i3uZ1rMZqXKUOPDVdZYtVLB/nzYkssPPB0xmlLrGG4xWIy/BwXFRo/m0jynZ54W6V9YTj6t2Ffl7cmc5zpy1fmfeh/RNkQCf5tbzcVv6gQDR1UaPGWk579Sbbpgy7bnZASH2q/NmRDTF9Rw7E/Yt+pT7b/PAyBAgMBAAGjMTAvMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBABEDj/vy1i+3+cZMTJW2t/vV+XwS3N9R5JAgeoMcgT2bF8OSi/0a0upQpOug439NiOqZxzs9X6ob9GbK06L4cKXKpxX8vzux1WfJb0lANPlC5xp+pX4nRyN1RqKXwzwXiGNLwhNUfFEsSDAUC3czgLvWDJuTYMnC4a+WhyEHN1OKgpqoixvQQ+P3vIzbCpfNrK5J+UUIfkvS+n6CrchmCWbxQ2ifx4qkcsRp6u87R50zD9+qM5jYhNivEFWMsXyhavFx4ivTniF3ndNCJzvRy0tDmMEHrKWBiq2YhEtP26tyETVn/sEpfWU6fiLdyMIQHVOJJ6QJoewMXa7SRKk7USw=\"\n ]\n }\n ]\n}"}],"_postman_id":"bdd8411f-e162-4fc2-8c0c-10b3b87a6a27"},{"name":"Authorization Code Flow","id":"b82c1505-c69f-40a7-abfb-d036b20b98b5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/x-www-form-urlencoded"}],"body":{"mode":"urlencoded","urlencoded":[{"key":"client_id","value":"YOUR_CLIENT_ID","type":"text","description":"Required
The client_id of your oauth application
Required
The application redirect/callback URL to which EmpowerID will send the authentication response
Required
Must be code for authorization code flow. For OIDC flow include code id_token
Optional
An opaque string sent by the client to maintain session and prevent CSRF attacks
Optional
A space separated list of scopes that the user consents to. For OIDC flow include openid
Optional
An opaque string sent by the client to associate a client session with an ID token and to mitigate replay attacks
The Authorization Code Grant is used to request an authorization code that can be exchanged for an ID token and, typically an access token. This grant is advantageous in that tokens cannot be intercepted as they are never exposed to the user agent (typically, a web browser). The flow is redirection-based, so the client needs to be able to interact with the resource owner’s user agent.
\nRequired
The client_id of your oauth application
Required
The application redirect/callback URL to which EmpowerID will send the authentication response
Required
Must be token for implicit grant flow. For OIDC flow use token id_token
Optional
An opaque string sent by the client to maintain session and prevent CSRF attacks
Optional
A space separated list of scopes that the user consents to. For OIDC flow include openid
Optional
An opaque string sent by the client to associate a client session with an ID token and to mitigate replay attacks
The Implicit Grant is used to obtain access token and/or ID token directly from the /authorize endpoint. The flow is redirection-based, so the client needs to be able to interact with the resource owner’s user agent. Clients using this flow are usually implemented in a browser using a scripting language.
\nRequired
The client_id of your oauth application
Required
The client_secret of your oauth application
Required
Must be \"password for resource owner password grant
Optional
A space separated list of scopes that the application requires. Include openid to retrieve an ID token
Required
The user's login
Required
The user's password
The Resource Owner Password Grant allows an application to obtain an access token and/or ID token by supplying their username and password.This flow should be used when the resource owner has high degree of trust with the client and only when the other flows are not viable.
\nRequired
Must be urn:ietf:params:oauth:grant-type:jwt-bearer for JWT bearer token flow
Required
JWT assertion string. Refer to the description to generate the JWT assertion
Optional
A space separated list of scopes that the application requires. Include openid to retrieve an ID token
The JWT Bearer Token Flow is an extension of OAuth 2.0 that provides a framework for using JWT assertions as client credentials for retrieving access token and/or ID token.
\nbase64(sign(JWT Assertion)) as described in the above documentation linkRequired
Must be urn:ietf:params:oauth:grant-type:saml2-bearer for SAML bearer assertion flow
Required
SAML assertion string. Refer to the description to generate the SAML assertion
Optional
A space separated list of scopes that the application requires. Include openid to retrieve an ID token
The SAML Bearer Assertion Flow is an extension of OAuth 2.0 that provides a framework for using SAML assertions as client credentials for retrieving access token and/or ID token.
\nbase64(sign(SAML Assertion)) as described in the above documentation linkRequired
The client_id of your oauth application
Required
The client_secret of your oauth application
Required
Must be client_credentials for client credential grant
Optional
A space separated list of scopes that the application requires. Include openid to retrieve an ID token
Optional
The user's login, GUID,or ID for whom the access token should be issued. If this value is null or not present, the access token will be issued to the owner of the registered OAuth application
The Client Credential Grant allows an application to obtain an access token and/or ID token by using only the client ID and client secret. This flow should be used for machine-to-machine (M2M) interactions that do not involve any user interaction. The client can request access to protected resources under its control, or those of another resource owner that have been previously arranged with the authorization server.
\nRequired
The client_id of your oauth application
Required
The client_secret of your oauth application
Required
EmpowerID refresh token string
Required
Must be refresh_token for refresh token grant
The Refresh Token Grant is used for obtaining a new access token by supplying a refresh token that was issued by the authorization server when the current access token becomes invalid or expires.
\nRequired
EmpowerID access token
The UserInfo endpoint is a part of OIDC that returns information about the user associated with the access token.
\nRequired
Basic authentication of the application credentials
Required
EmpowerID token
Required
Indicates the type of token sent for introspection. Value must be access_token or refresh_token or id_token. If not present defaults to access_token
The Token Introspection Endpoint allows authorized resources to query the authorization server to determine metadata associated with a token, including whether the token is currently active.
\nRequired
Basic authentication of the application credentials
Required
EmpowerID token
Required
Indicates the type of token sent for revocation. Value must be access_token or refresh_token. If not present defaults to access_token
The Token Revocation Endpoint allows a client to invalidate token if the end-user logs out or changes identity or uninstalls the applications. This prevents abuse of abandoned tokens and facilitates better end-user experience.
\nRecommended
The URL the user will be redirected to after logout is performed. This URL should be registered in the Callback URLs on the OAuth application. If not present in the request, after logout the user will be redirected to the IdP login page
Optional
Previously issued ID Token which is used to identify the user’s current authenticated session with the client
Optional
Determines whether to terminate the user’s IdP session and all the service providers the user is currently authenticated with. Value must be true or false
Optional
An opaque string value sent by the client to maintain state. This value will be sent back to the RP in the callback endpoint specified by the post_logout_redirect_uri parameter
The RP-Initiated Logout process is initiated by a client to logout the end-user from the authorization server. The client can choose to perform a global logout or end only the IdP session.
\nThis logout process is used in conjunction with session management endpoint, check_session_iframe. If the client wants to terminate a session, it must periodically check the session status by polling a hidden OP iframe from an RP iframe with an origin restricted postMessage.\nThe check_session_iframe responds with the following values,
\nThe Authentication Protocols describe the OAuth 2.0 and OpenID Connect flows that are industry standard protocols for authenticating and authorizing third-party applications to access Web APIs on behalf of a resource owner approving that access.
\nThe following methods can be used to authenticate:
\nThe following methods can be used to retrieve user & token information:
\nThe following methods can be used to a revoke token & logout a user:
\nRequired
\n","type":"text"}],"url":"https://YOUR_SCIM_VDS_DOMAIN/v1.0/ACCOUNT_STORE_NAME/users/ACCOUNT_LOGON_NAME","description":"Get Account API is an authenticated endpoint that gets user account details in a specific account store in EmpowerID.
\nRequired
\n"}],"url":"https://YOUR_SCIM_VDS_DOMAIN/v1.0/ACCOUNT_STORE_NAME/users?filter=FILTER_EXPRESSION","description":"Query Account API is an authenticated endpoint that queries user accounts.
\nAccess token should be obtained for OAuth application SCIM EID VDS with scope scimvds.user
\nThe following workflow examples are provided for this API,
\nBelow table describes the SCIM to EmpowerID account attribute mapping,
\nRequired
\n"}],"body":{"mode":"raw","raw":"{\n \"name\": {\n \"familyName\" : \"