diff --git a/astro/src/content/docs/apis/identity-providers/_external-jwt-request-body.mdx b/astro/src/content/docs/apis/identity-providers/_external-jwt-request-body.mdx
index 912f9c696c..15812f625a 100644
--- a/astro/src/content/docs/apis/identity-providers/_external-jwt-request-body.mdx
+++ b/astro/src/content/docs/apis/identity-providers/_external-jwt-request-body.mdx
@@ -34,14 +34,6 @@ import IdentityProviderLinkingStrategyRequestParameter from 'src/content/docs/ap
Determines if this provider is enabled. If it is false then it will be disabled globally.
-
- The name of the claim that contains the user's email address. This will only be used when the identityProvider.linkingStrategy is equal to `LinkByEmail` or `LinkByEmailForExistingUser`.
-
-
- The name of the claim that identities if the user's email address has been verified.
-
- When the identityProvider.linkingStrategy is equal to `LinkByEmail` or `LinkByEmailForExistingUser` and this claim is present and the value is `false` a link will not be established and an error will be returned indicating a link cannot be established using an unverified email address.
-
The name header claim that identifies the public key used to verify the signature. In most cases this be `kid` or `x5t`.
@@ -56,7 +48,7 @@ import IdentityProviderLinkingStrategyRequestParameter from 'src/content/docs/ap
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user. This may be used in addition to, or in place of the claim mappings.
- The specified Lambda Id must be of type `ExternalJWTReconcile`
+ The specified Lambda Id must be of type `ExternalJWTReconcile`.
+
+ The name of the claim that contains the user's email address. This will only be used when the identityProvider.linkingStrategy is equal to `LinkByEmail` or `LinkByEmailForExistingUser`.
+
+
+ The name of the claim that identities if the user's email address has been verified.
+
+ When the identityProvider.linkingStrategy is equal to `LinkByEmail` or `LinkByEmailForExistingUser` and this claim is present and the value is `false` a link will not be established and an error will be returned indicating a link cannot be established using an unverified email address.
+
The token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the
Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
@@ -89,7 +89,7 @@ import IdentityProviderLinkingStrategyRequestParameter from 'src/content/docs/ap
This field must be set to `ExternalJWT`.
- The name of the claim that represents the unique identify of the User. This will generally be `email` or the name of the claim that provides the email address.
+ The name of the claim that represents the unique identity of the User. This will generally be `email` or the name of the claim that provides the email address.
This parameter has been deprecated, prefer the use of uniqueIdClaim.
diff --git a/astro/src/content/docs/apis/identity-providers/_external-jwt-response-body.mdx b/astro/src/content/docs/apis/identity-providers/_external-jwt-response-body.mdx
index 4e348cee98..515093a543 100644
--- a/astro/src/content/docs/apis/identity-providers/_external-jwt-response-body.mdx
+++ b/astro/src/content/docs/apis/identity-providers/_external-jwt-response-body.mdx
@@ -69,10 +69,26 @@ import InlineField from 'src/components/InlineField.astro';
Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2
authorize endpoint.
+
+ The name of the claim that contains the user's email address. This will only be used when the identityProvider.linkingStrategy is equal to `LinkByEmail` or `LinkByEmailForExistingUser`.
+
+
+ The name of the claim that identities if the user's email address has been verified.
+
+ When the identityProvider.linkingStrategy is equal to `LinkByEmail` or `LinkByEmailForExistingUser` and this claim is present and the value is `false` a link will not be established and an error will be returned indicating a link cannot be established using an unverified email address.
+
The token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the
Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
+
+ The name of the claim that contains the user's unique user Id.
+
+
+ The name of the claim that contains the user's username. This will only be used when the identityProvider.linkingStrategy is equal to `LinkByUsername` or `LinkByUsernameForExistingUser`.
+
+
+
@@ -80,7 +96,7 @@ import InlineField from 'src/components/InlineField.astro';
The type of this provider, this field will always be set to `ExternalJWT`.
- The name of the claim that represents the unique identify of the User. This will generally be `email` or the name of the claim that provides
+ The name of the claim that represents the unique identity of the User. This will generally be `email` or the name of the claim that provides
the email address.
diff --git a/astro/src/content/json/identity-providers/external-jwt-request.json b/astro/src/content/json/identity-providers/external-jwt-request.json
index eb89c62237..f6858aee9e 100644
--- a/astro/src/content/json/identity-providers/external-jwt-request.json
+++ b/astro/src/content/json/identity-providers/external-jwt-request.json
@@ -15,7 +15,11 @@
"name": "Acme Corp. ADFS",
"oauth2": {
"authorization_endpoint": "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
- "token_endpoint": "https://acme.com/adfs/oauth2/token"
+ "emailClaim": "email",
+ "emailVerifiedClaim": "email_verified",
+ "token_endpoint": "https://acme.com/adfs/oauth2/token",
+ "uniqueIdClaim": "sub",
+ "usernameClaim": "preferred_username"
},
"tenantConfiguration": {
"e872a880-b14f-6d62-c312-cb40f22af465": {
@@ -28,4 +32,4 @@
"type": "ExternalJWT",
"uniqueIdentityClaim": "email"
}
-}
\ No newline at end of file
+}
diff --git a/astro/src/content/json/identity-providers/external-jwt-response.json b/astro/src/content/json/identity-providers/external-jwt-response.json
index 924305caf4..85a2f3fc28 100644
--- a/astro/src/content/json/identity-providers/external-jwt-response.json
+++ b/astro/src/content/json/identity-providers/external-jwt-response.json
@@ -17,7 +17,11 @@
"name": "Acme Corp. ADFS",
"oauth2": {
"authorization_endpoint": "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
- "token_endpoint": "https://acme.com/adfs/oauth2/token"
+ "emailClaim": "email",
+ "emailVerifiedClaim": "email_verified",
+ "token_endpoint": "https://acme.com/adfs/oauth2/token",
+ "uniqueIdClaim": "sub",
+ "usernameClaim": "preferred_username"
},
"type": "ExternalJWT",
"tenantConfiguration": {
@@ -30,4 +34,4 @@
},
"uniqueIdentityClaim": "email"
}
-}
\ No newline at end of file
+}