Retrieve the information returned by the identity provider
POST /v2/idp_intents/:idpIntentId
Retrieve the information returned by the identity provider, for registering a new user or updating an existing user with new information.
Request
Path Parameters
ID of the idp intent, previously returned on the success response of the IDP callback
- application/json
- application/grpc
- application/grpc-web+proto
Body
required
Possible values: non-empty and <= 200 characters
token of the idp intent, previously returned on the success response of the IDP callback
Responses
- 200
- 403
- 404
- default
OK
- application/json
- application/grpc
- application/grpc-web+proto
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
idpInformation
object
oauth
object
OAuth/OIDC access (and id_token) returned by the identity provider
ldap
object
LDAP entity attributes returned by the identity provider
saml
object
SAMLResponse returned by the identity provider
ID of the identity provider
ID of the user of the identity provider
username of the user of the identity provider
complete information returned by the identity provider
ID of the user in ZITADEL if external user is linked
addHumanUser
object
Possible values: non-empty and <= 200 characters
optionally set your own id unique for the user.
Possible values: non-empty and <= 200 characters
optionally set a unique username, if none is provided the email will be used.
organization
object
profile
object
required
Possible values: non-empty and <= 200 characters
Possible values: non-empty and <= 200 characters
Possible values: <= 200 characters
Possible values: <= 200 characters
Possible values: <= 10 characters
Possible values: [GENDER_UNSPECIFIED, GENDER_FEMALE, GENDER_MALE, GENDER_DIVERSE]
Default value: GENDER_UNSPECIFIED
email
object
required
Possible values: non-empty and <= 200 characters
sendCode
object
Possible values: non-empty and <= 200 characters
Optionally set a url_template, which will be used in the verification mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used.
The following placeholders can be used: UserID, OrgID, Code
phone
object
Possible values: <= 200 characters
metadata
object[]
Possible values: non-empty and <= 200 characters
Possible values: non-empty and <= 500000 characters
The value has to be base64 encoded.
password
object
Possible values: non-empty and <= 200 characters
hashedPassword
object
Possible values: non-empty and <= 200 characters
Encoded hash of a password in Modular Crypt Format: https://zitadel.com/docs/concepts/architecture/secrets#hashed-secrets
idpLinks
object[]
Possible values: non-empty and <= 200 characters
ID of the identity provider
Possible values: non-empty and <= 200 characters
ID of the user of the identity provider
Possible values: non-empty and <= 200 characters
username of the user of the identity provider
Possible values: non-empty and <= 200 characters
An implementation of RFC 6238 is used, with HMAC-SHA-1 and a time-step of 30 seconds. Currently no other options are supported, and if anything different is used the validation will fail.
{
"details": {
"sequence": "2",
"changeDate": "2025-03-28T12:37:40.126Z",
"resourceOwner": "69629023906488334",
"creationDate": "2025-03-28T12:37:40.126Z"
},
"idpInformation": {
"oauth": {
"accessToken": "string",
"idToken": "string"
},
"ldap": {
"attributes": {}
},
"saml": {
"assertion": "string"
},
"idpId": "d654e6ba-70a3-48ef-a95d-37c8d8a7901a",
"userId": "6516849804890468048461403518",
"userName": "user@external.com",
"rawInformation": {}
},
"userId": "163840776835432345",
"addHumanUser": {
"userId": "d654e6ba-70a3-48ef-a95d-37c8d8a7901a",
"username": "minnie-mouse",
"organization": {
"orgId": "string",
"orgDomain": "string"
},
"profile": {
"givenName": "Minnie",
"familyName": "Mouse",
"nickName": "Mini",
"displayName": "Minnie Mouse",
"preferredLanguage": "en",
"gender": "GENDER_FEMALE"
},
"email": {
"email": "mini@mouse.com",
"sendCode": {
"urlTemplate": "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}"
},
"returnCode": {},
"isVerified": true
},
"phone": {
"phone": "+41791234567",
"sendCode": {},
"returnCode": {},
"isVerified": true
},
"metadata": [
{
"key": "my-key",
"value": "VGhpcyBpcyBteSB0ZXN0IHZhbHVl"
}
],
"password": {
"password": "Secr3tP4ssw0rd!",
"changeRequired": true
},
"hashedPassword": {
"hash": "$2a$12$lJ08fqVr8bFJilRVnDT9QeULI7YW.nT3iwUv6dyg0aCrfm3UY8XR2",
"changeRequired": true
},
"idpLinks": [
{
"idpId": "d654e6ba-70a3-48ef-a95d-37c8d8a7901a",
"userId": "6516849804890468048461403518",
"userName": "user@external.com"
}
],
"totpSecret": "TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK"
}
}
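Added example (not from the ZITADEL documentation or code base): the totpSecret constraint above means an enrolment migrated from another system only keeps working if it was created with HMAC-SHA-1 and a 30-second step. This sketch checks a legacy enrolment against those two parameters and computes the code the secret should yield; the otpauth:// key-URI input format, the 6-digit default and all function names are assumptions, none of them stated on this page.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

TIME_STEP = 30  # seconds; the only time step this page says is supported
# Published RFC 6238 SHA-1 test key, base32-encoded (test data, not a real secret).
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def decode_secret(secret_b32):
    """Decode a base32 secret, tolerating spaces, lower case and missing padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)  # binascii.Error (a ValueError) if malformed


def totp_sha1(secret_b32, at=None, digits=6):
    """RFC 6238 code using HMAC-SHA-1 and a 30 s step. digits=6 is an assumption."""
    counter = int(time.time() if at is None else at) // TIME_STEP
    mac = hmac.new(decode_secret(secret_b32), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def import_problems(otpauth_uri):
    """Reasons a legacy otpauth:// enrolment would stop validating after import."""
    uri = urlparse(otpauth_uri)
    params = {k: v[0] for k, v in parse_qs(uri.query).items()}
    problems = []
    if uri.scheme != "otpauth" or uri.netloc != "totp":
        problems.append("not a TOTP enrolment")
    if params.get("algorithm", "SHA1").upper() != "SHA1":
        problems.append("algorithm is not HMAC-SHA-1")
    if params.get("period", "30") != "30":
        problems.append("time step is not 30 seconds")
    try:
        if not decode_secret(params.get("secret", "")):
            raise ValueError("empty secret")
    except ValueError:
        problems.append("secret is missing or not valid base32")
    return problems
```

Run import_problems over each legacy enrolment before sending its secret as totpSecret; an empty list means the stored parameters match what this endpoint's schema says is supported.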
Returned when the user does not have permission to access the resource.
- application/json
- application/grpc
- application/grpc-web+proto
Schema
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Returned when the resource does not exist.
- application/json
- application/grpc
- application/grpc-web+proto
Schema
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
Schema
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}