idp-server Control Plane User Management API (1.0.0)

API specification for user management

organization-user

Organization-level user management

Create user within organization tenant

Creates a new user in a specific tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
sub
string <uuid>

Unique subject identifier (optional, auto-generated if not provided)

provider_id
required
string <= 255 characters

Identity provider identifier

external_user_id
string <= 255 characters

External user identifier from identity provider

username
string <= 255 characters

Username for authentication

name
required
string <= 255 characters

Full display name of the user

given_name
string <= 255 characters

Given name (first name) of the user

family_name
string <= 255 characters

Family name (last name) of the user

middle_name
string <= 255 characters

Middle name of the user

nickname
string <= 255 characters

Casual name of the user

preferred_username
string <= 255 characters

Preferred username for display

profile
string <uri> <= 255 characters

URL of the user's profile page

picture
string <uri> <= 255 characters

URL of the user's profile picture

website
string <uri> <= 255 characters

URL of the user's website

email
required
string <email> <= 255 characters

Email address of the user

email_verified
boolean

Whether the email address has been verified

gender
string

Gender identity of the user

birthdate
string <date>

Date of birth (YYYY-MM-DD format)

zoneinfo
string <= 255 characters

Time zone information

locale
string

Locale preference

phone_number
string ^\+?[0-9\- ]{7,20}$

Phone number in E.164 format

phone_number_verified
boolean

Whether the phone number has been verified

address
object

Physical address of the user

raw_password
required
string [ 8 .. 255 ] characters

Plain text password (will be hashed on server)

verified_claims
object

Verified identity claims (OpenID for Identity Assurance)

custom_properties
object

Custom user properties

roles
Array of objects

User roles

assigned_tenants
Array of strings <uuid> [ items <uuid> ]

List of tenant IDs the user is assigned to

current_tenant
string <uuid>

Current primary tenant ID

assigned_organizations
Array of strings <uuid> [ items <uuid> ]

List of organization IDs the user is assigned to

current_organization
string <uuid>

Current primary organization ID

Responses

Request samples

Content type
application/json
{
  "sub": "753487e7-10bc-4e69-b3b2-4da33721ea3e",
  "provider_id": "idp-server",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "raw_password": "stringst",
  "verified_claims": { },
  "custom_properties": { },
  "roles": [
  ],
  "assigned_tenants": [
  ],
  "current_tenant": "f074cfc2-75c1-4aae-a9d7-15ec980dafc4",
  "assigned_organizations": [
  ],
  "current_organization": "c57905cf-834e-4a0d-815b-7b39aa8070fb"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

List users within organization tenant

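Retrieves the list of users in a specific tenant within the organization. Results are sorted by creation date-time in descending order (newest users first).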

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

query Parameters
limit
integer [ 1 .. 1000 ]
Default: 20

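Maximum number of items to return

offset
integer >= 0
Default: 0

Starting index from which items are returned

user_id
string

Filter by a specific user ID

preferred_username
string

Filter by preferred username

email
string

Filter by email address

external_user_id
string

Filter by external user ID

status
string
Enum: "active" "inactive" "locked"

Filter by user status

provider_id
string

Filter by provider ID

phone_number
string

Filter by phone number

name
string

Partial-match search by name (case-insensitive)

given_name
string

Partial-match search by given name (case-insensitive)

family_name
string

Partial-match search by family name (case-insensitive)

middle_name
string

Partial-match search by middle name (case-insensitive)

nickname
string

Partial-match search by nickname (case-insensitive)

role
string

Partial-match search by role name

permission
string

Partial-match search by permission name

from
string <date-time>

Start of the creation date-time range (ISO 8601 format)

to
string <date-time>

End of the creation date-time range (ISO 8601 format)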

Responses

Response samples

Content type
application/json
{
  "list": [
  ],
  "total_count": 0,
  "limit": 0,
  "offset": 0
}

Get user within organization tenant

Retrieves a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

Responses

Response samples

Content type
application/json
{
  "sub": "753487e7-10bc-4e69-b3b2-4da33721ea3e",
  "provider_id": "string",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "updated_at": "2019-08-24T14:15:22Z",
  "status": "REGISTERED",
  "hashed_password": "string",
  "verified_claims": { },
  "custom_properties": { },
  "authentication_devices": [
  ],
  "roles": [
  ],
  "permissions": [
  ],
  "assigned_tenants": [
  ],
  "assigned_organizations": [
  ]
}

Update user within organization tenant

Updates a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
provider_id
required
string <= 255 characters

Identity provider identifier

external_user_id
string <= 255 characters

External user identifier from identity provider

username
string <= 255 characters

Username for authentication

name
required
string <= 255 characters

Full display name of the user

given_name
string <= 255 characters

Given name (first name) of the user

family_name
string <= 255 characters

Family name (last name) of the user

middle_name
string <= 255 characters

Middle name of the user

nickname
string <= 255 characters

Casual name of the user

preferred_username
string <= 255 characters

Preferred username for display

profile
string <uri> <= 255 characters

URL of the user's profile page

picture
string <uri> <= 255 characters

URL of the user's profile picture

website
string <uri> <= 255 characters

URL of the user's website

email
required
string <email> <= 255 characters

Email address of the user

email_verified
boolean

Whether the email address has been verified

gender
string

Gender identity of the user

birthdate
string <date>

Date of birth (YYYY-MM-DD format)

zoneinfo
string <= 255 characters

Time zone information

locale
string

Locale preference

phone_number
string ^\+?[0-9\- ]{7,20}$

Phone number in E.164 format

phone_number_verified
boolean

Whether the phone number has been verified

address
object

Physical address of the user

verified_claims
object

Verified identity claims (OpenID for Identity Assurance)

custom_properties
object

Custom user properties

roles
Array of objects

User roles

assigned_tenants
Array of strings <uuid> [ items <uuid> ]

List of tenant IDs the user is assigned to

current_tenant
string <uuid>

Current primary tenant ID

assigned_organizations
Array of strings <uuid> [ items <uuid> ]

List of organization IDs the user is assigned to

current_organization
string <uuid>

Current primary organization ID

Responses

Request samples

Content type
application/json
{
  "provider_id": "string",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "verified_claims": { },
  "custom_properties": { },
  "roles": [
  ],
  "assigned_tenants": [
  ],
  "current_tenant": "f074cfc2-75c1-4aae-a9d7-15ec980dafc4",
  "assigned_organizations": [
  ],
  "current_organization": "c57905cf-834e-4a0d-815b-7b39aa8070fb"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Delete user within organization tenant

Deletes a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Responses

Response samples

Content type
application/json
{
  "error": "string",
  "error_description": "string",
  "error_messages": [
  ],
  "error_details": { }
}

Partially update user within organization tenant

Partially updates a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
provider_id
required
string <= 255 characters

Identity provider identifier

external_user_id
string <= 255 characters

External user identifier from identity provider

username
string <= 255 characters

Username for authentication

name
required
string <= 255 characters

Full display name of the user

given_name
string <= 255 characters

Given name (first name) of the user

family_name
string <= 255 characters

Family name (last name) of the user

middle_name
string <= 255 characters

Middle name of the user

nickname
string <= 255 characters

Casual name of the user

preferred_username
string <= 255 characters

Preferred username for display

profile
string <uri> <= 255 characters

URL of the user's profile page

picture
string <uri> <= 255 characters

URL of the user's profile picture

website
string <uri> <= 255 characters

URL of the user's website

email
required
string <email> <= 255 characters

Email address of the user

email_verified
boolean

Whether the email address has been verified

gender
string

Gender identity of the user

birthdate
string <date>

Date of birth (YYYY-MM-DD format)

zoneinfo
string <= 255 characters

Time zone information

locale
string

Locale preference

phone_number
string ^\+?[0-9\- ]{7,20}$

Phone number in E.164 format

phone_number_verified
boolean

Whether the phone number has been verified

address
object

Physical address of the user

verified_claims
object

Verified identity claims (OpenID for Identity Assurance)

custom_properties
object

Custom user properties

roles
Array of objects

User roles

assigned_tenants
Array of strings <uuid> [ items <uuid> ]

List of tenant IDs the user is assigned to

current_tenant
string <uuid>

Current primary tenant ID

assigned_organizations
Array of strings <uuid> [ items <uuid> ]

List of organization IDs the user is assigned to

current_organization
string <uuid>

Current primary organization ID

Responses

Request samples

Content type
application/json
{
  "provider_id": "string",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "verified_claims": { },
  "custom_properties": { },
  "roles": [
  ],
  "assigned_tenants": [
  ],
  "current_tenant": "f074cfc2-75c1-4aae-a9d7-15ec980dafc4",
  "assigned_organizations": [
  ],
  "current_organization": "c57905cf-834e-4a0d-815b-7b39aa8070fb"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user password within organization tenant

Updates a specific user's password for a tenant within an organization

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
raw_password
required
string >= 8 characters ^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_+=...

Plain text password (will be hashed on server)

Responses

Request samples

Content type
application/json
{
  "raw_password": "stringst"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user roles within organization tenant

Updates a specific user's roles for a tenant within an organization

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
roles
Array of objects <= 50 items

User roles

permissions
Array of strings <= 100 items [ items <= 255 characters ]

Direct permissions assigned to user

Responses

Request samples

Content type
application/json
{
  "roles": [
  ],
  "permissions": [
  ]
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user tenant assignments within organization

Updates a specific user's tenant assignments within an organization

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
current_tenant_id
string <uuid>

Current primary tenant ID

assigned_tenants
required
Array of strings <uuid> <= 20 items [ items <uuid> ]

List of tenant IDs the user is assigned to

Responses

Request samples

Content type
application/json
{
  "current_tenant_id": "191a59f0-183b-4bba-bc57-e6aba2266419",
  "assigned_tenants": [
  ]
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user organization assignments

Updates a specific user's organization assignments

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
current_organization_id
string <uuid>

Current primary organization ID

assigned_organizations
required
Array of strings <uuid> <= 20 items [ items <uuid> ]

List of organization IDs the user is assigned to

Responses

Request samples

Content type
application/json
{
  "current_organization_id": "472f992a-d0a6-488f-94bb-a1f0763b707a",
  "assigned_organizations": [
  ]
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

List user sessions

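Retrieves the list of active sessions for the specified user.

This endpoint returns information about the OP sessions (OpenID Provider sessions) that the user currently holds. Session information includes the session ID, authentication time, expiration time, last access time, and so on.

Use cases:

  • Checking a user's login status
  • Detecting unauthorized access (finding unexpected sessions)
  • Building a session management screen

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier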

Responses

Response samples

Content type
application/json
{
  "list": [
  ]
}

Delete all user sessions

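Deletes (logs out) all sessions of the specified user in bulk.

This endpoint invalidates all OP sessions held by the user. It is used to log the user out of all devices after a password change, and for emergency response when an account is compromised.

Use cases:

  • Invalidating all sessions after a password change
  • Emergency response when an account is compromised
  • Clearing sessions when a user leaves the company

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.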

Responses

Response samples

Content type
application/json
{
  "error": "string",
  "error_description": "string",
  "error_messages": [
  ],
  "error_details": { }
}

Delete user session

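Deletes (logs out) a specific session of the specified user.

This endpoint invalidates a specific OP session of the user. Deleting the session also invalidates all tokens associated with that session.

Use cases:

  • Forcibly terminating a session suspected of unauthorized access
  • Remote logout at the user's request
  • Security incident response

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

session-id
required
string <uuid>

Session identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.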

Responses

Response samples

Content type
application/json
{
  "error": "string",
  "error_description": "string",
  "error_messages": [
  ],
  "error_details": { }
}