Modify a login policy

When it comes to modifying login policies, perhaps the most important thing you need to know is this: many login policy properties can’t be modified. For example, in the sample login policy shown below, many of the items are read-only and can’t be changed:

{
    "id": "5cb723fd-1c8a-4ddc-9a62-bb8f701409e4",
    "identityStoreDetails": {
        "type": "janrainCapture",
        "connectionDetails": {
            "domain": "alb.capture.multi.dev.or.janrain.com",
            "applicationId": "kfcmdfudasmx9wkay7463vpdsy",
            "entityType": "user",
            "clientId": "96by2t9dav337mvzbybqdfcjmrsd7bn4",
            "clientSecret": "tedywcxnevb6feyb88585f466dp8nsqc"
        }
    },
    "loginURL": "http://localhost/login",
    "customClaims": {
        "userinfo": {
            "display_name": "displayName",
            "zip": "primaryAddress.zip"
        }
    },
    "title": "Greg Modification Test Policy",
    "_links": {
        "self": {
            "href": "/01000000-0000-3000-9000-000000000000/config/loginPolicies/5cb723fd-1c8a-4ddc-9a62-bb8f701409e4"
        }
    }
}

If you try to change one of those “off-limits” properties (for example, if you try to change the entityType), your command will fail with an error message similar to this:

{
    "errors": "identityStoreDetails cannot be changed"
}

Which, to make a long story short, means that you can only modify three properties:

  • loginURL
  • title
  • customClaims

But wait: there’s more. When you modify a login policy, you must always include both the loginURL and the title parameters, even if you aren’t changing those values. Leave one out and you’ll get an error message similar to this:

{
    "errors": "('loginURL',) field required"
}

This is also true for the id parameter and the identityStoreDetails section: you can’t change these values, but your API call fails if you leave them out. The only truly optional parameter is customClaims, but there’s a gotcha there as well. For example, suppose you have the login policy shown at the beginning of this section, a policy that includes the following custom claims:

"customClaims": {
    "userinfo": {
        "display_name": "displayName",
        "zip": "primaryAddress.zip"
    }
}

And suppose you decide to change the title of this policy from Documentation Login Policy to Legacy Login Policy. When you do so, you leave customClaims out of your API call:

curl -X PUT \
  https://v1.api.us.janrain.com/01000000-0000-3000-9000-000000000000/config/loginPolicies/b8097975-93c7-46db-8cfe-19609e67eadb \
  -H 'Authorization: Bearer 03v-eeodppPrrHXXIx56pRLyDBaOldDxqEwI59MFCFGVuSkLRapzgmfwmEHyKWle' \
  -H 'Content-Type: application/json' \
  -d '{
    "id": "b8097975-93c7-46db-8cfe-19609e67eadb",
    "identityStoreDetails": {
        "type": "janrainCapture",
        "connectionDetails": {
            "domain": "alb.capture.multi.dev.or.janrain.com",
            "applicationId": "kfcmdfudasmx9wkay7463vpdsy",
            "entityType": "user",
            "clientId": "96by2t9dav337mvzbybqdfcjmrsd7bn4",
            "clientSecret": "tedywcxnevb6feyb88585f466dp8nsqc"
        }
    },
    "loginURL": "http://localhost/login",
    "title": "Legacy Login Policy"
}'

When your API call finishes, you’ll get back updated property values for the policy. As you can see below, the title property was changed. As you can also see, the customClaims section was deleted:

{
    "id": "b8097975-93c7-46db-8cfe-19609e67eadb",
    "identityStoreDetails": {
        "type": "janrainCapture",
        "connectionDetails": {
            "domain": "alb.capture.multi.dev.or.janrain.com",
            "applicationId": "kfcmdfudasmx9wkay7463vpdsy",
            "entityType": "user",
            "clientId": "96by2t9dav337mvzbybqdfcjmrsd7bn4",
            "clientSecret": "tedywcxnevb6feyb88585f466dp8nsqc"
        }
    },
    "loginURL": "http://localhost/login",
    "title": "Legacy Login Policy",
    "_links": {
        "self": {
            "href": "/01000000-0000-3000-9000-000000000000/config/loginPolicies/b8097975-93c7-46db-8cfe-19609e67eadb"
        }
    }
}

Why? You got it: because it wasn’t included in the API call. If your API call doesn’t include the customClaims section then that section (assuming it exists) will be removed from the policy.

As for the mechanics involved in modifying a login policy, we’ve already seen how this works: all the properties and property values must be formatted as JSON, and they must all be included as part of the body parameter.
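
One way to avoid the accidental customClaims deletion described above is to build the PUT body from the policy's current values and change only what you intend. The following is an added example, not code from the original documentation: the build_put_body helper, its None convention for removing customClaims on purpose, and the abbreviated sample policy with placeholder values are all assumptions made for illustration.

```python
import copy
import json

# Per the page: only these three properties can be modified.
MODIFIABLE = {"loginURL", "title", "customClaims"}
# Per the page: these must be present in every PUT body, changed or not.
REQUIRED = ("id", "identityStoreDetails", "loginURL", "title")

# Constructed, abbreviated sample of a GET response; values are placeholders.
SAMPLE_POLICY = {
    "id": "00000000-0000-0000-0000-000000000001",
    "identityStoreDetails": {
        "type": "janrainCapture",
        "connectionDetails": {"domain": "example.invalid", "entityType": "user"},
    },
    "loginURL": "http://localhost/login",
    "customClaims": {"userinfo": {"zip": "primaryAddress.zip"}},
    "title": "Documentation Login Policy",
    "_links": {"self": {"href": "/placeholder"}},
}


def build_put_body(current, changes):
    """Merge `changes` into `current` and return a complete PUT body."""
    blocked = sorted(set(changes) - MODIFIABLE)
    if blocked:
        raise ValueError("read-only, cannot change: " + ", ".join(blocked))
    missing = [k for k in REQUIRED if k not in current]
    if missing:
        raise ValueError("current policy lacks: " + ", ".join(missing))
    # Start from the required properties; _links is left out, as in the
    # page's sample request.
    body = {k: copy.deepcopy(current[k]) for k in REQUIRED}
    # Carry customClaims forward so an unrelated edit does not delete it.
    if "customClaims" in current:
        body["customClaims"] = copy.deepcopy(current["customClaims"])
    body.update(copy.deepcopy(changes))
    # Passing customClaims=None is this helper's way to remove it on purpose.
    if body.get("customClaims") is None:
        body.pop("customClaims", None)
    return body


if __name__ == "__main__":
    print(json.dumps(build_put_body(SAMPLE_POLICY, {"title": "Legacy Login Policy"}), indent=4))
```

The returned dictionary can be serialized with json.dumps and sent as the body of the PUT request.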

