Add Generic OAuth Identity Provider

POST /idps/oauth

Request

application/json
application/grpc
application/grpc-web+proto

Body

required

name string

clientId string

client id generated by the identity provider

clientSecret string

Client secret generated by the identity provider

authorizationEndpoint string

The endpoint where ZITADEL send the user to authenticate

tokenEndpoint string

The endpoint where ZITADEL can get the token

userEndpoint string

The endpoint where ZITADEL can get the user information

scopes string[]

The scopes requested by ZITADEL during the request on the identity provider

idAttribute identifying attribute of the user in the response of the user_endpoint (string)

Identifying attribute of the user in the response of the user_endpoint

providerOptions

object

isLinkingAllowed boolean

Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

isCreationAllowed boolean

Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

autoLinking string

Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

Default value: AUTO_LINKING_OPTION_UNSPECIFIED

Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

Body

required

name string

clientId string

client id generated by the identity provider

clientSecret string

Client secret generated by the identity provider

authorizationEndpoint string

The endpoint where ZITADEL send the user to authenticate

tokenEndpoint string

The endpoint where ZITADEL can get the token

userEndpoint string

The endpoint where ZITADEL can get the user information

scopes string[]

The scopes requested by ZITADEL during the request on the identity provider

idAttribute identifying attribute of the user in the response of the user_endpoint (string)

Identifying attribute of the user in the response of the user_endpoint

providerOptions

object

isLinkingAllowed boolean

Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

isCreationAllowed boolean

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

autoLinking string

Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

Default value: AUTO_LINKING_OPTION_UNSPECIFIED

Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

Body

required

name string

clientId string

client id generated by the identity provider

clientSecret string

Client secret generated by the identity provider

authorizationEndpoint string

The endpoint where ZITADEL send the user to authenticate

tokenEndpoint string

The endpoint where ZITADEL can get the token

userEndpoint string

The endpoint where ZITADEL can get the user information

scopes string[]

The scopes requested by ZITADEL during the request on the identity provider

idAttribute identifying attribute of the user in the response of the user_endpoint (string)

Identifying attribute of the user in the response of the user_endpoint

providerOptions

object

isLinkingAllowed boolean

Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

isCreationAllowed boolean

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

autoLinking string

Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

Default value: AUTO_LINKING_OPTION_UNSPECIFIED

Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

Responses

200
403
404
default

A successful response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2024-11-15T21:46:13.879Z",
    "changeDate": "2024-11-15T21:46:13.879Z",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2024-11-15T21:46:13.879Z",
    "changeDate": "2024-11-15T21:46:13.879Z",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2024-11-15T21:46:13.879Z",
    "changeDate": "2024-11-15T21:46:13.879Z",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

Returned when the user does not have permission to access the resource.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Add Generic OAuth Identity Provider

/idps/oauth

Request​

Body

Body

Body

Responses​

Request

Responses