Update Generic OAuth Identity Provider

PUT 
https://$CUSTOM-DOMAIN/admin/v1/idps/oauth/:id

Update Generic OAuth Identity Provider

Request

Path Parameters

id stringrequired

application/json

Body

required

name string
clientId string

Client id generated by the identity provider

clientSecret client_secret will only be updated if provided (string)

Client secret will only be updated if provided

authorizationEndpoint string

The endpoint where ZITADEL send the user to authenticate

tokenEndpoint string

The endpoint where ZITADEL can get the token

userEndpoint string

The endpoint where ZITADEL can get the user information

scopes string[]

The scopes requested by ZITADEL during the request on the identity provider

idAttribute identifying attribute of the user in the response of the user_endpoint (string)

Identifying attribute of the user in the response of the user_endpoint

providerOptions

object

isLinkingAllowed boolean

Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

isCreationAllowed boolean

Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

autoLinking string

Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

Default value: AUTO_LINKING_OPTION_UNSPECIFIED

Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

usePkce boolean

Enable the use of Proof Key for Code Exchange (PKCE) for the OAuth2 flow.

application/grpc

Body

required

name string
clientId string

Client id generated by the identity provider

clientSecret client_secret will only be updated if provided (string)

Client secret will only be updated if provided

authorizationEndpoint string

The endpoint where ZITADEL send the user to authenticate

tokenEndpoint string

The endpoint where ZITADEL can get the token

userEndpoint string

The endpoint where ZITADEL can get the user information

scopes string[]

The scopes requested by ZITADEL during the request on the identity provider

idAttribute identifying attribute of the user in the response of the user_endpoint (string)

Identifying attribute of the user in the response of the user_endpoint

providerOptions

object

isLinkingAllowed boolean

Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

isCreationAllowed boolean

Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

autoLinking string

Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

Default value: AUTO_LINKING_OPTION_UNSPECIFIED

Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

usePkce boolean

Enable the use of Proof Key for Code Exchange (PKCE) for the OAuth2 flow.

application/grpc-web+proto

Body

required

name string
clientId string

Client id generated by the identity provider

clientSecret client_secret will only be updated if provided (string)

Client secret will only be updated if provided

authorizationEndpoint string

The endpoint where ZITADEL send the user to authenticate

tokenEndpoint string

The endpoint where ZITADEL can get the token

userEndpoint string

The endpoint where ZITADEL can get the user information

scopes string[]

The scopes requested by ZITADEL during the request on the identity provider

idAttribute identifying attribute of the user in the response of the user_endpoint (string)

Identifying attribute of the user in the response of the user_endpoint

providerOptions

object

isLinkingAllowed boolean

Enable if users should be able to manually link an existing ZITADEL user with an external account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.

isCreationAllowed boolean

Enable if users should be able to manually create a new account in ZITADEL when using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

autoLinking string

Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

Default value: AUTO_LINKING_OPTION_UNSPECIFIED

Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

usePkce boolean

Enable the use of Proof Key for Code Exchange (PKCE) for the OAuth2 flow.

Responses

200

A successful response.

application/json

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-04-03T09:33:13.269Z",
    "changeDate": "2025-04-03T09:33:13.269Z",
    "resourceOwner": "69629023906488334"
  }
}

application/grpc

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-04-03T09:33:13.270Z",
    "changeDate": "2025-04-03T09:33:13.270Z",
    "resourceOwner": "69629023906488334"
  }
}

application/grpc-web+proto

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-04-03T09:33:13.270Z",
    "changeDate": "2025-04-03T09:33:13.270Z",
    "resourceOwner": "69629023906488334"
  }
}

403

Returned when the user does not have permission to access the resource.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

404

Returned when the resource does not exist.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

• curl
• python
• go
• nodejs
• ruby
• csharp
• php
• java
• powershell

• CURL

curl -L -X PUT 'https://$CUSTOM-DOMAIN/admin/v1/idps/oauth/:id' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "name": "My Provider",
  "clientId": "client-id",
  "clientSecret": "client-secret",
  "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenEndpoint": "https://oauth2.googleapis.com/token",
  "userEndpoint": "https://openidconnect.googleapis.com/v1/userinfo",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "idAttribute": "user_id",
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true,
    "autoLinking": "AUTO_LINKING_OPTION_UNSPECIFIED"
  },
  "usePkce": true
}'

Request Collapse all

Base URL

https://$CUSTOM-DOMAIN/admin/v1

Auth

Bearer Token

Parameters

id — pathrequired

Body required

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

{
  "name": "My Provider",
  "clientId": "client-id",
  "clientSecret": "client-secret",
  "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenEndpoint": "https://oauth2.googleapis.com/token",
  "userEndpoint": "https://openidconnect.googleapis.com/v1/userinfo",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "idAttribute": "user_id",
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true,
    "autoLinking": "AUTO_LINKING_OPTION_UNSPECIFIED"
  },
  "usePkce": true
}

ResponseClear

Click the Send API Request button above and see the response here!