Identity and Access Management - Cloud Services Engagement Platform

Release Notes For Developers

June 3, 2021

[Deprecated] Using refresh_token query param on token exchange API
  • Support for using the refresh_token as a query param in /am/api/auth/api-tokens/authorize has ended.
  • Instead, include the refresh_token in HTTP request body using application/x-www-form-urlencoded format.
[Deprecated] Using PATCH in remove users from org API (/am/api/v2/orgs/{orgId}/users)
  • The API PATCH /am/api/orgs/{orgId}/users is replaced by DELETE /am/api/v2/orgs/{orgId}/users
  • userid must be specified in the format of vmware.com:820e7ca5-4024-407e-8db4-f552d5d03403
  • if ‘user acct’ is unavailable, use DELETE /am/api/orgs/{orgId}/users
[Deprecated] PEM public-key format
  • Support for PEM public-key format has ended.
  • Going forward, CSP will perform JWKS based key rotations.
  • JWKS Format API can be found on /am/api/auth/token-public-key?format=jwks.
[Deprecated] Support for v1 get users API has ended
  • API GET /am/api/orgs/{orgId}/users is replaced by GET /am/api/v2/orgs/{orgId}/users
  • v2 API supports pagination, enhanced results filtering, and ability to receive an expanded user’s profile in the response.
[Deprecated] Support for user and service role management v1 APIs has ended
  • The following APIs are replaced by PATCH /am/api/v3/users/{userId}/orgs/{orgId}/roles
    • PATCH /am/api/users/{acct}/orgs/{orgId}/service-roles
    • PATCH /am/api/users/{acct}/orgs/{orgId}/roles
  • This change introduces changing user and\or service roles in one single call.
[Deprecated] Support for unsupported parameters in API requests has ended
  • Invalid parameters in the body of API request will not be ignored.
  • Going forward, a 400 Bad Request HTTP error returns if unsupported parameters are used in request
[Deprecated] Remove duplicate domain name from group name in ID Token
  • Until now, the group names encoding in the ID Token could have a duplicate domain name.
    • e.g. g.dyn.acme_all_active_employees@domain.com@domain.com
  • Going forward, there will be only one single entry for the domain name.
    • e.g. g.dyn.acme_all_active_employees@domain.com
Feedback

Was this page helpful?