Experimental
HTTP request
POST https://identitytoolkit.googleapis.com/v1/accounts:issueSamlResponse
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "rpId": string, "idToken": string, "samlAppEntityId": string } |
Fields | |
---|---|
rpId | Relying Party identifier, which is the audience of the issued SAMLResponse. |
idToken | The Identity Platform ID token. It will be verified and then converted to a new SAMLResponse. |
samlAppEntityId | SAML app entity ID specified in the Google Admin Console for each app. If developers want to redirect to a third-party app rather than a G Suite app, they'll probably need this. When it's used, we'll return a RelayState. This includes a SAMLRequest, which can be used to trigger an SP-initiated SAML flow to redirect to the real app. |
Response body
Response for accounts.issueSamlResponse request.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "samlResponse": string, "acsEndpoint": string, "relayState": string, "email": string, "firstName": string, "lastName": string, "isNewUser": boolean } |
Fields | |
---|---|
samlResponse | Signed SAMLResponse created for the Relying Party. |
acsEndpoint | The ACS endpoint which consumes the returned SAMLResponse. |
relayState | Generated RelayState. |
email | Email of the user. |
firstName | First name of the user. |
lastName | Last name of the user. |
isNewUser | Whether the logged in user was created by this request. |
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/identitytoolkit
- https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
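
An added example (not part of the original reference and not Google's code) showing how a caller might build the request body and hand the returned `samlResponse` and `relayState` to the `acsEndpoint` as a SAML HTTP-POST binding form. The ACS host allowlist, the sample values, and the treatment of `samlResponse` as already being in the encoded form the binding's `SAMLResponse` field expects are assumptions of this example.

```python
import html
import json
import urllib.request
from urllib.parse import urlsplit

ENDPOINT = "https://identitytoolkit.googleapis.com/v1/accounts:issueSamlResponse"
# Assumption: the caller keeps its own allowlist of ACS hosts it will post to.
ALLOWED_ACS_HOSTS = {"sp.example.com"}


def build_request(rp_id, id_token, access_token, saml_app_entity_id=None):
    """Build (not send) the POST request described on this page."""
    body = {"rpId": rp_id, "idToken": id_token}
    if saml_app_entity_id:
        body["samlAppEntityId"] = saml_app_entity_id
    return urllib.request.Request(
        ENDPOINT,
        data=json.dumps(body).encode(),
        method="POST",
        # OAuth 2.0 access token carrying one of the scopes listed above.
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {access_token}"},
    )


def acs_post_form(resp):
    """Turn a response body into an HTTP-POST binding form for the ACS."""
    acs = urlsplit(resp["acsEndpoint"])
    if acs.scheme != "https" or acs.hostname not in ALLOWED_ACS_HOSTS:
        raise ValueError(f"refusing to post assertion to {resp['acsEndpoint']!r}")
    # Assumption: samlResponse is passed through unchanged, never re-encoded.
    fields = {"SAMLResponse": resp["samlResponse"]}
    if resp.get("relayState"):
        fields["RelayState"] = resp["relayState"]
    inputs = "".join(
        f'<input type="hidden" name="{name}" value="{html.escape(value, quote=True)}">'
        for name, value in fields.items()
    )
    action = html.escape(resp["acsEndpoint"], quote=True)
    return f'<form method="post" action="{action}">{inputs}</form>'


# Constructed sample response; the values are placeholders, not real output.
SAMPLE = {
    "samlResponse": "PHNhbWxwOlJlc3BvbnNlPg==",
    "acsEndpoint": "https://sp.example.com/saml/acs",
    "relayState": 'app "one" <a&b>',
}
```

Escaping every value before it is written into the form keeps a `relayState` containing quotes or angle brackets from breaking out of the attribute, and the allowlist check stops a signed assertion from being posted to an unexpected or non-HTTPS endpoint.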