Deprecated: Add OIDC Identity Provider (IDP)

POST /idps/oidc

deprecated

Create a new identity provider configuration on the organization to enable your users to log in with social/enterprise login. The provider has to be OIDC-compliant. This configuration can only be used by the organization itself.

Request

Header Parameters

x-zitadel-orgid string

The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

application/json
application/grpc
application/grpc-web+proto

Body

required

name stringrequired

Possible values: non-empty and <= 200 characters

stylingType string

Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

Default value: STYLING_TYPE_UNSPECIFIED

some identity providers specify the styling of the button to their login

clientId stringrequired

Possible values: non-empty and <= 200 characters

client id generated by the identity provider

clientSecret stringrequired

Possible values: non-empty and <= 200 characters

client secret generated by the identity provider

issuer stringrequired

the OIDC issuer of the identity provider

scopes string[]

the scopes requested by ZITADEL during the request on the identity provider

displayNameMapping string

Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

definition which field is mapped to the display name of the user

usernameMapping string

Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

definition which field is mapped to the email of the user

autoRegister boolean

Body

required

name stringrequired

Possible values: non-empty and <= 200 characters

stylingType string

Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

Default value: STYLING_TYPE_UNSPECIFIED

some identity providers specify the styling of the button to their login

clientId stringrequired

Possible values: non-empty and <= 200 characters

client id generated by the identity provider

clientSecret stringrequired

Possible values: non-empty and <= 200 characters

client secret generated by the identity provider

issuer stringrequired

the OIDC issuer of the identity provider

scopes string[]

the scopes requested by ZITADEL during the request on the identity provider

displayNameMapping string

Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

definition which field is mapped to the display name of the user

usernameMapping string

Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

definition which field is mapped to the email of the user

autoRegister boolean

Body

required

name stringrequired

Possible values: non-empty and <= 200 characters

stylingType string

Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

Default value: STYLING_TYPE_UNSPECIFIED

some identity providers specify the styling of the button to their login

clientId stringrequired

Possible values: non-empty and <= 200 characters

client id generated by the identity provider

clientSecret stringrequired

Possible values: non-empty and <= 200 characters

client secret generated by the identity provider

issuer stringrequired

the OIDC issuer of the identity provider

scopes string[]

the scopes requested by ZITADEL during the request on the identity provider

displayNameMapping string

Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

definition which field is mapped to the display name of the user

usernameMapping string

Possible values: [OIDC_MAPPING_FIELD_UNSPECIFIED, OIDC_MAPPING_FIELD_PREFERRED_USERNAME, OIDC_MAPPING_FIELD_EMAIL]

Default value: OIDC_MAPPING_FIELD_UNSPECIFIED

definition which field is mapped to the email of the user

autoRegister boolean

Responses

200
default

A successful response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

idpId string

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-05-08T15:15:58.822Z",
    "changeDate": "2025-05-08T15:15:58.822Z",
    "resourceOwner": "69629023906488334"
  },
  "idpId": "69234230193872955"
}

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

idpId string

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-05-08T15:15:58.822Z",
    "changeDate": "2025-05-08T15:15:58.822Z",
    "resourceOwner": "69629023906488334"
  },
  "idpId": "69234230193872955"
}

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

idpId string

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-05-08T15:15:58.822Z",
    "changeDate": "2025-05-08T15:15:58.822Z",
    "resourceOwner": "69629023906488334"
  },
  "idpId": "69234230193872955"
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Deprecated: Add OIDC Identity Provider (IDP)

/idps/oidc

Request​

Header Parameters

Body

Body

Body

Responses​

Request

Responses