Delete a login policy
If you have login policies that you no longer need, thereโs no reason to keep those policies around: not only does deleting unwanted policies reduce clutter, but it also prevents you (or another administrator) from inadvertently using one of those policies. To delete a login policy, use a Curl command similar to the following:
curl -X DELETE \
https://v1.api.us.janrain.com/01000000-0000-3000-9000-000000000000/config/loginPolicies/d4308c4d-f5d5-403f-bbb4-403dbdb3efe6 \
-H 'Authorization: Bearer 03v-eeodppPrrHXXIx56pRLyDBaOldDxqEwI59MFCFGVuSkLRapzgmfwmEHyKWle' \
-H 'Content-Type: application/json'
The preceding command deletes the specified login policy โฆ provided that the policy isnโt currently assigned to an OIDC client. If the policy is assigned to an OIDC client, your API call fails and youโll get back an error message similar to the following:
{
"errors":
"[/customers/01000000-0000-3000-9000-000000000000/clients/15e60c44-a26e-45e3-9c9a-bbb7a4fd08f0\",
\"/customers/01000000-0000-3000-9000-000000000000/clients/fd72dfd7-3ad8-4237-a74d-013e04ae947c\"]\n"
}
Believe it or not, this is actually a very useful error message: it contains the IDs of the OIDC clients that the policy is assigned to. In the preceding example, the policy we wanted to delete is currently assigned to two different clients (shown in red above):
- 15e60c44-a26e-45e3-9c9a-bbb7a4fd08f0
- fd72dfd7-3ad8-4237-a74d-013e04ae947c
Before you can delete login policy d4308c4d-f5d5-403f-bbb4-403dbdb3efe6 you must disassociate the policy from its two associated clients. And to do that, youโll need to use the /{customer_id}/config/clients/{client_id} operation and assign the client a new login policy.
As a general rule, you donโt want to simply delete a login policy from an OIDC client: if you do that, the client will no longer be capable of assisting with user logins and registrations. Instead of deleting the login policy from the client, replace the old login policy with a new one.
Updated over 1 year ago