Skip to main content

Deprecated: Update OIDC Identity Provider (IDP)​

deprecated

This endpoint has been deprecated and may be removed in future versions of the API.

Update the OIDC-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward.

Path Parameters
    idpId string required
Request Body required
    issuer string required

    Possible values: non-empty and <= 200 characters

    the oidc issuer of the identity provider

    clientId string required

    Possible values: non-empty and <= 200 characters

    client id generated by the identity provider

    clientSecret string

    Possible values: <= 200 characters

    client secret generated by the identity provider. If empty the secret is not overwritten

    scopes string[]

    the scopes requested by ZITADEL during the request on the identity provider

    displayNameMapping string

    Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

    Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

    definition which field is mapped to the display name of the user

    usernameMapping string

    Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

    Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

    definition which field is mapped to the email of the user

Responses

OIDC config updated

Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to
PUT /idps/:idpId/oidc_config

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN/admin/v1
Bearer Token
idpId — path required
Content-Type
Body required
{

  "issuer": "https://accounts.google.com",

  "clientId": "string",

  "clientSecret": "string",

  "scopes": [

    "openid",

    "profile",

    "email"

  ],

  "displayNameMapping": "OIDC_MAPPING_FIELD_UNSPECIFIED",

  "usernameMapping": "OIDC_MAPPING_FIELD_UNSPECIFIED"

}
Accept
curl / cURL
curl -L -X PUT 'https://$CUSTOM-DOMAIN/admin/v1/idps/:idpId/oidc_config' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "issuer": "https://accounts.google.com",
  "clientId": "string",
  "clientSecret": "string",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "displayNameMapping": "OIDC_MAPPING_FIELD_UNSPECIFIED",
  "usernameMapping": "OIDC_MAPPING_FIELD_UNSPECIFIED"
}'