Configuration check API

1. Introduction

This endpoint provides online validation of a Connect2id server configuration. It can be used as part of a DevOps pipeline. The configuration checks are identical to those performed at server startup.

Available since v6.16.

2. Web API overview

Resources
/config/check [POST]
Representations	Errors
Configuration properties	400 Bad Request 500 Internal Server Error

3. Resources

3.1 /config/check

3.1.1 POST

Validates a set of Connect2id server configuration properties.

Header parameters:

Content-Type Must be set to text/plain.

Body:

The configuration properties.

Success:

Code: 204

Errors:

400 Bad Request
500 Internal Server Error

Example POST to validate a set of configuration properties:

POST /config/check HTTP/1.1
Host: c2id.com
Content-Type: text/plain

op.issuer = https://c2id.com
op.policy = https://c2id.com/policy.html
op.tos = https://c2id.com/tos.html
op.serviceDocs = https://c2id.com/service-docs.html

op.reg.allowOpenRegistration = false
op.reg.rejectNonTLSRedirectionURIs = true
op.reg.accessTokenByteLength = 32
op.reg.refreshAccessTokenOnUpdate = true
op.reg.clientIDByteLength = 8
op.reg.clientSecretLifetime = 0
op.reg.alwaysRefreshClientSecretOnUpdate = true
op.reg.requireRequestURIRegistration = true
op.reg.requestURIQuota = 5
op.reg.apiAccessToken = ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6
...

If the configuration properties validate with success the response is 204:

HTTP/1.1 204 No Content

If a configuration property is found to be invalid the response is 400 with a descriptive error message:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error"             : "invalid_configuration_property",
  "error_description" : "Missing property",
  "error_uri"         : "https://connect2id.com/products/server/docs/config/monitoring#monitor-apiAccessToken",
  "property_name"     : "monitor.apiAccessToken",
  "property_value"    : null
}

4. Representations

4.1 Configuration properties

A Connect2id server configuration property set, consisting of the combined properties for

core (/WEB-INF/oidcProvider.properties)
session store (/WEB-INF/sessionStore.properties)
authorisation store (/WEB-INF/authzStore.properties)
monitoring (/WEB-INF/monitor.properties)

Empty lines, comments and unrecognised property names are ignored, in line with the rules for processing a Java properties file.

Example configuration property set:

op.issuer = https://c2id.com
op.policy = https://c2id.com/policy.html
op.tos = https://c2id.com/tos.html
op.serviceDocs = https://c2id.com/service-docs.html

op.reg.allowOpenRegistration = false
op.reg.rejectNonTLSRedirectionURIs = true
op.reg.accessTokenByteLength = 32
op.reg.refreshAccessTokenOnUpdate = true
op.reg.clientIDByteLength = 8
op.reg.clientSecretLifetime = 0
op.reg.alwaysRefreshClientSecretOnUpdate = true
op.reg.requireRequestURIRegistration = true
op.reg.requestURIQuota = 5
op.reg.apiAccessToken = ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6
...

5. Errors

400 Bad Request

Invalid or malformed configuration property.

The response body has the JSON object members:

error {“invalid_properties_format”|“invalid_configuration_property”} The error code:
- invalid_properties_format – The submitted properties format is invalid.
- invalid_configuration_property – A configuration property is invalid or missing.
error_description {string} The error description.
[ error_uri ] {string} Link to online documentation for the configuration property, omitted if not applicable or not available.
[ property_name ] {string} The name of the invalid property, omitted or null if not applicable.
[ property_value ] {string} The value of the invalid property, omitted if not applicable, null if not specified or parsing of the value failed for some reason.

Example error for a missing configuration property:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error"             : "invalid_configuration_property",
  "error_description" : "Missing property",
  "error_uri"         : "https://connect2id.com/products/server/docs/config/monitoring#monitor-apiAccessToken",
  "property_name"     : "monitor.apiAccessToken",
  "property_value"    : null
}

Example error for an invalid JWS algorithm in a configuration property:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error"             : "invalid_configuration_property",
  "error_description" : "Unsupported ID token JWS algorithm(s)",
  "error_uri"         : "https://connect2id.com/products/server/docs/config/core#op-idToken-jwsAlgs",
  "property_name"     : "op.idToken.jwsAlgs",
  "property_value"    : "X256"
}

500 Internal Server Error

An internal server error has occurred. Check the Connect2id server logs for details.

Example:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
  "error"             : "server_error",
  "error_description" : "Internal server error: Something bad happened",
  "stack"             : "Exception in thread...",
  "note"              : "See the server logs for additional details"
}