Create a login policy

When you create a login policy you must tightly couple the new policy with an existing owner client: the policy must include the owner client ID and client secret as well as the entity type used by that client. Note, too, that at this point in time this information cannot be changed after it has been added to a login policy. For example, suppose you configure a login policy to use the client secret jiu62gun9wkkmi7fgnqx4ppe1476amh99, and then find out that another administrator has just changed that client secret. Currently there is no way to change the value of the login policy's clientSecret property. If the client secret changes, your only recourse is to create a brand-new login policy that uses the new client secret.

The following table lists the property values of a login policy:

Property: type
Description: Must be set to janrainCapture. For example:

"type": "janrainCapture"

Property: domain (identityStoreDetails)
Description: URL of your Identity Cloud Capture domain. Your Akamai representative will supply you with the domain names available for your use. For example:

"domain": "dev-app.janraincapture.com"

After it's been set, this value cannot be changed.

Property: applicationId (identityStoreDetails)
Description: Unique identifier of the Identity Cloud application associated with the login policy. For example:

"applicationId": "kfcmdfudasmx9wkay7463vpdsy"

After it's been set, this value cannot be changed.

Property: clientId (identityStoreDetails)
Description: Unique identifier of the owner client associated with the Capture application. For example:

"clientId": "96by2t9dav337mvzbybqdfcjmrsd7bn4"

After it's been set, this value cannot be changed.

Property: clientSecret (identityStoreDetails)
Description: Client secret of the owner client associated with the Capture application. Owner client secrets can be retrieved either through the Console or by using the /config/{app_id}/clients/{client_id} operation. For example:

"clientSecret": "jiu62gun9wkkmi7fgnqx4ppe1476amh99"

After it's been set, this value cannot be changed.

Property: entityType (identityStoreDetails)
Description: Name of the entity type where the user profiles associated with this client are stored. For example:

"entityType": "user"

After it's been set, this value cannot be changed.

Property: loginURL
Description: URL of the web page used for OIDC logins and registrations. For example:

"loginURL": "http://akamai-documentation.com/login"

Property: title
Description: Friendly name for the new login policy. Note that login policy names do not have to be unique; if you want, you can name all your login policies My Login Policy (although this isn't recommended). For example:

"title": "Akamai Documentation Login Policy"

Property: customClaims
Description: Provides a way to return user profile attributes that are not returned by any of the allowed scopes. For example:

"customClaims": {
    "id_token": {"subscriber": "newsletterSubscriber"}
}

See Create custom claims for more information.

To create a new login policy, use the /{customer_id}/config/loginPolicies operation with the POST method. Your policy information must be formatted as JSON and sent as the request body; note that the Capture connection properties (domain, applicationId, entityType, clientId and clientSecret) are nested under connectionDetails inside identityStoreDetails. For example, a curl command for creating a new login policy will look something like this:

curl -X POST \
  https://v1.api.us.janrain.com/01000000-0000-3000-9000-000000000000/config/loginPolicies \
  -H 'Authorization: Bearer Xk7EzdpGq5GPQcsxCWM2SxdlwU_iTsA4i2Px4TEzBrfLIvddjnDVBJxjPDuCARHH' \
  -H 'Content-Type: application/json' \
  -d '{
    "identityStoreDetails": {
      "type": "janrainCapture",
      "connectionDetails": {
        "domain": "alb.capture.multi.dev.or.janrain.com",
        "applicationId": "kfcmdfudasmx9wkay7463vpdsy",
        "entityType": "user",
        "clientId": "96by2t9dav337mvzbybqdfcjmrsd7bn4",
        "clientSecret": "tedywcxnevb6feyb88585f466dp8nsqc"
      }
    },
    "loginURL": "https://documentation.akamai.com/login",
    "title": "Akamai Documentation Login Policy",
    "customClaims": {
      "id_token": {"memberId": "membershipId"},
      "userinfo": {"memberSince": "membershipDate"}
    }
  }'

All the parameters shown in the previous table are required (well, except for customClaims). If you leave out a required parameter your API call will fail with an error message similar to this one:

{
    "errors": "('title',) field required"
}
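As an added example (not Akamai's own code), the following Python helper builds the policy body in the layout of the curl command above, strips stray whitespace from the client secret (which cannot be corrected once the policy exists), and checks the required properties locally before the body, and the secret in it, is ever sent. The required-property lists are taken from the table above, with customClaims treated as the only optional property.

```python
import json

# Required properties from the table above (customClaims is optional);
# checking them locally mirrors the "field required" error the API returns.
REQUIRED_TOP = ("identityStoreDetails", "loginURL", "title")
REQUIRED_CONN = ("domain", "applicationId", "entityType",
                 "clientId", "clientSecret")


def build_login_policy(domain, application_id, entity_type, client_id,
                       client_secret, login_url, title, custom_claims=None):
    """Assemble the request body in the layout the curl example uses."""
    policy = {
        "identityStoreDetails": {
            "type": "janrainCapture",
            "connectionDetails": {
                "domain": domain,
                "applicationId": application_id,
                "entityType": entity_type,
                "clientId": client_id,
                # strip stray whitespace: the secret can't be edited later
                "clientSecret": client_secret.strip(),
            },
        },
        "loginURL": login_url,
        "title": title,
    }
    if custom_claims:  # the only optional property
        policy["customClaims"] = custom_claims
    return policy


def missing_fields(policy):
    """Return dotted paths of required properties that are absent or empty."""
    missing = [k for k in REQUIRED_TOP if not policy.get(k)]
    details = policy.get("identityStoreDetails") or {}
    if details and details.get("type") != "janrainCapture":
        missing.append("identityStoreDetails.type")
    conn = details.get("connectionDetails") or {}
    missing += ["identityStoreDetails.connectionDetails." + k
                for k in REQUIRED_CONN if not conn.get(k)]
    return missing


def request_body(policy):
    """Serialize the POST body (the curl -d payload), refusing an incomplete policy."""
    problems = missing_fields(policy)
    if problems:
        raise ValueError("missing required fields: " + ", ".join(problems))
    return json.dumps(policy, indent=2)
```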