If the identity provider is PayPal, a subset of PayPal provider attributes can be used as the mapping attribute placeholder value.
The placeholder value must use the following syntax:
${providerAttributes.<PayPal attribute name>}
When you create a new PayPal identity provider entity, the POST request automatically maps the PingOne username attribute to the PayPal user_id attribute. The username attribute is the core mapping attribute; the default PayPal attribute value is user_id. It is also recommended that you map the PingOne email attribute to the PayPal email attribute.
The request body for the email-to-email mapping looks like this, with the value attribute showing the PayPal email attribute expressed using the placeholder syntax:
{
"name": "email",
"update": "EMPTY_ONLY",
"value": "${providerAttributes.email}"
}The POST /environments/{environmentId}/identityProviders operation adds a new identity provider resource to the specified environment.
When the type property value is set to PAYPAL, PayPal’s clientId, clientSecret, and clientEnvironment property values are required in the request body.
| Property | Description |
|---|---|
clientId |
A string that specifies the application ID from PayPal. This is a required property. |
clientSecret |
A string that specifies the application secret from PayPal. This is a required property. |
clientEnvironment |
A string that specifies the PayPal environment. Options are sandbox, and live. This is a required property. |
| Property | Description |
|---|---|
user_id |
A string that specifies the core PayPal attribute. The default value is ${providerAttributes.user_id} and the default update value is EMPTY_ONLY. |
| Permission | Provider attributes |
|---|---|
OpenID Connect scopes: openid, profile, email |
user_id, name, email |
address |
Options are: address.street_address, address.locality, address.region, address.postal_code, address.country |
paypalattributes |
Options are: payer_id, verified_account |