REST API Authentication using External Identity Provider
If you want to restrict access to your Drupal REST APIs using your Identity Provider, use the External Identity Provider authentication method.
Drupal API authentication using an External Identity Provider uses tokens received from third-party providers such as Google, Azure AD, Keycloak, Okta, GitLab, etc. to access Drupal REST APIs securely.
In this method, you configure the module with the User Info Endpoint provided by your Identity Provider and the username attribute from your Identity Provider; all Drupal API requests can then be authenticated using the token issued by your provider. The Drupal REST API module verifies the received user credentials against the Drupal user account. This module is compatible with Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Pre-requisites: Download and Installation:
- Download & install the Drupal REST & JSON API Authentication module.
- REST UI: This module provides you with a user interface for configuring the REST module.
- Enable the following Web Services modules from the Extend section (/admin/modules) of your Drupal site:
  - REST UI
  - RESTful Web Services
  - Serialization

Enable the API and assign methods and operations as follows:
- The first step is to enable the API and assign the methods and operations allowed for that API. This can be done using the REST UI module, or by directly modifying the Drupal config.
- Click on the Enable API button.
- To enable the API using the REST UI module, click the Configure button (as shown below).

- In our example, we need to enable the /entity/user API. Do this by selecting the Enable option in front of it.

- Since our goal is to create a user in Drupal, select the following configurations:
  - Method: POST
  - Format: JSON
  - Authentication Provider: rest_api_authentication
- This allows the miniOrange API Authentication module to authenticate the API. Click the Save Configuration button to continue.

Setup External Identity Provider Authentication Method:
- In this step, we will set up the External Identity Provider as API Authentication. To do this, navigate to the API Authentication tab of the module (/admin/config/people/rest_api_authentication/auth_settings).
- Under Basic Configuration, enable the Enable Authentication toggle.
- Enter the Application Name and select External Identity Provider from the Authentication Method section.

- Scroll down to the External Identity Provider Configuration section on the same tab.
- Enter the User Info Endpoint of your Identity Provider in the given field, so the module can fetch user details using the provided token.
- In the Username Attribute, enter the attribute key or name from your Identity Provider that contains the username sent by the external provider.
- Click the Save Configuration button.

You have successfully configured the External Identity Provider method.
Note: Use the application-specific unique header when authenticating the API.

Grant Role Permissions to Create Users:
- If needed, you can allow non-admin Drupal roles to create users. To do this, assign the Administer users permission to the desired roles from the Permissions page (/admin/people/permissions) of your Drupal site.

Example:
- For better understanding, let’s take an example of adding External Identity Provider-based authentication to the create user API in Drupal.
Note: The /entity/user API in Drupal is used to create a new user.
- To create a user in Drupal, send a POST request along with the token received from your Identity Provider.
HTTP Request Format-
```
Request: POST <your_drupal_base_url>/entity/user?_format=json
Header:
    AUTH-METHOD: application_id
    Token: <Token_received_from_external_identity_provider>
    Accept: application/json
    Content-Type: application/json
Body:
{
  "name": {
    "value": "<username>"
  },
  "mail": {
    "value": "<email>"
  },
  "pass": {
    "value": "<password>"
  },
  "status": {
    "value": "1"
  }
}
```
CURL Request Format-
```
curl --location --request POST '<your_drupal_base_url>/entity/user?_format=json' \
--header 'AUTH-METHOD: application_id' \
--header 'Token: <Token_received_from_external_identity_provider>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '
{
  "name": [
    { "value": "Username" }
  ],
  "mail": [
    { "value": "email" }
  ],
  "pass": [
    { "value": "Password" }
  ],
  "status": [
    { "value": "1" }
  ]
}'
```
- You can also refer to the Postman request image shown below.

- A successful response will return the details of the user you created (see the image below).

- If you receive any error in the response, refer to the table below for the error description and possible solutions.
| Error | Description |
| --- | --- |
| MISSING_HEADER | You will get this error if you don’t send a unique header in the API request, or if your server removes it for some reason. Example: { |
| INVALID_USER_INFO_ENDPOINT | You will get this error whenever you provide the incorrect user info URL in the module configuration. |
| INVALID_USERNAME_ATTRIBUTE | You will get this error whenever you provide the incorrect username attribute in the module configuration or if there is an error while trying to retrieve the username. |
| INVALID_TOKEN | You will get this error whenever the token provided by you is incorrect or missing from the header. |
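
The flow this page describes (token, User Info Endpoint, username attribute, Drupal account) and the error table above can be modelled as follows, which helps when working out which misconfiguration produces which error. This is an added example, not the module's own code: the function names, the constructed `fake_idp` responses, the `preferred_username` attribute, the `NO_MATCHING_DRUPAL_USER` code, and the mapping of each failure to an error code are assumptions drawn from the table's descriptions.

```python
import json

def fake_idp(token):
    """Constructed stand-in for an IdP User Info Endpoint (not a real provider)."""
    if token != "valid-token":
        return 401, '{"error": "invalid_token"}'
    return 200, '{"sub": "1234", "preferred_username": "alice"}'

def authenticate(headers, fetch_userinfo, username_attribute, drupal_users):
    """Return ("ok", username) or ("error", code).

    Codes are those in the page's error table; which failure yields which
    code is an assumption based on the table's descriptions.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if "auth-method" not in h:
        return "error", "MISSING_HEADER"
    token = h.get("token", "").strip()
    if not token:
        return "error", "INVALID_TOKEN"
    status, body = fetch_userinfo(token)  # the IdP, not Drupal, judges the token
    if status in (401, 403):
        return "error", "INVALID_TOKEN"
    try:
        claims = json.loads(body) if status == 200 else None
    except ValueError:
        claims = None
    if not isinstance(claims, dict):  # e.g. a 404 page or HTML from a wrong URL
        return "error", "INVALID_USER_INFO_ENDPOINT"
    username = claims.get(username_attribute)
    if not isinstance(username, str) or not username:
        return "error", "INVALID_USERNAME_ATTRIBUTE"
    if username not in drupal_users:
        # Hypothetical code: the page's table has no entry for this case.
        return "error", "NO_MATCHING_DRUPAL_USER"
    return "ok", username

if __name__ == "__main__":
    users = {"alice"}  # constructed set of existing Drupal usernames
    good = {"AUTH-METHOD": "application_id", "Token": "valid-token"}
    print(authenticate(good, fake_idp, "preferred_username", users))
    print(authenticate(good, fake_idp, "username", users))
    print(authenticate({"Token": "valid-token"}, fake_idp, "preferred_username", users))
    print(authenticate({**good, "Token": "expired"}, fake_idp, "preferred_username", users))
    print(authenticate(good, lambda t: (404, "<html>Not Found</html>"), "preferred_username", users))
```
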
Congratulations!!!! You can now authenticate any calls to your Drupal APIs using an External Identity Provider Token.