Start an IDP authentication intent

POST /resources/v3alpha/idp_intents

Start a new authentication intent on configured identity provider (IDP) for external login, registration or linking.

Request

application/json
application/grpc
application/grpc-web+proto

Body

required

instance

object

id string

domain string

organization

object

Optionally expect the user to be in this organization.

orgId string

orgDomain string

idpId stringrequired

Possible values: non-empty and <= 200 characters

ID of an existing identity provider (IDP).

urls

object

successUrl stringrequired

Possible values: non-empty and <= 2048 characters

URL to which the user will be redirected after a successful login.

failureUrl stringrequired

Possible values: non-empty and <= 2048 characters

URL to which the user will be redirected after a failed login.

ldap

object

username stringrequired

Possible values: non-empty and <= 200 characters

Username used to login through LDAP.

password stringrequired

Possible values: non-empty and <= 200 characters

Password used to login through LDAP.

Body

required

instance

object

id string

domain string

organization

object

Optionally expect the user to be in this organization.

orgId string

orgDomain string

idpId stringrequired

Possible values: non-empty and <= 200 characters

ID of an existing identity provider (IDP).

urls

object

successUrl stringrequired

Possible values: non-empty and <= 2048 characters

URL to which the user will be redirected after a successful login.

failureUrl stringrequired

Possible values: non-empty and <= 2048 characters

URL to which the user will be redirected after a failed login.

ldap

object

username stringrequired

Possible values: non-empty and <= 200 characters

Username used to login through LDAP.

password stringrequired

Possible values: non-empty and <= 200 characters

Password used to login through LDAP.

Body

required

instance

object

id string

domain string

organization

object

Optionally expect the user to be in this organization.

orgId string

orgDomain string

idpId stringrequired

Possible values: non-empty and <= 200 characters

ID of an existing identity provider (IDP).

urls

object

successUrl stringrequired

Possible values: non-empty and <= 2048 characters

URL to which the user will be redirected after a successful login.

failureUrl stringrequired

Possible values: non-empty and <= 2048 characters

URL to which the user will be redirected after a failed login.

ldap

object

username stringrequired

Possible values: non-empty and <= 200 characters

Username used to login through LDAP.

password stringrequired

Possible values: non-empty and <= 200 characters

Password used to login through LDAP.

Responses

200
403
404
default

IDP intent successfully started

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

details

object

id string

created date-time

the timestamp of the first event applied to the object.

changed date-time

the timestamp of the last event applied to the object.

owner

object

the parent object representing the returned objects context.

type string

Possible values: [OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_SYSTEM, OWNER_TYPE_INSTANCE, OWNER_TYPE_ORG]

Default value: OWNER_TYPE_UNSPECIFIED

id string

authUrl string

The authentication URL to which the client should redirect.

idpIntent

object

The Start Intent directly succeeded and returned the IDP Intent. Further information can be retrieved by using the retrieve identity provider intent request.

idpIntentId string

ID of the identity provider (IDP) intent.

idpIntentToken string

Token of the identity provider (IDP) intent.

userId string

If the user was already federated and linked to a ZITADEL user, it's id will be returned.

postForm byte

The HTML form with the embedded POST call information to render and execute.

{
  "details": {
    "id": "69629012906488334",
    "created": "2024-11-22T16:27:05.769Z",
    "changed": "2024-11-22T16:27:05.769Z",
    "owner": "69629023906488334"
  },
  "authUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback",
  "idpIntent": {
    "idpIntentId": "163840776835432705",
    "idpIntentToken": "SJKL3ioIDpo342ioqw98fjp3sdf32wahb=",
    "userId": "163840776835432345"
  },
  "postForm": "string"
}

Schema
Example (from schema)

Schema

details

object

id string

created date-time

the timestamp of the first event applied to the object.

changed date-time

the timestamp of the last event applied to the object.

owner

object

the parent object representing the returned objects context.

type string

Possible values: [OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_SYSTEM, OWNER_TYPE_INSTANCE, OWNER_TYPE_ORG]

Default value: OWNER_TYPE_UNSPECIFIED

id string

authUrl string

The authentication URL to which the client should redirect.

idpIntent

object

The Start Intent directly succeeded and returned the IDP Intent. Further information can be retrieved by using the retrieve identity provider intent request.

idpIntentId string

ID of the identity provider (IDP) intent.

idpIntentToken string

Token of the identity provider (IDP) intent.

userId string

If the user was already federated and linked to a ZITADEL user, it's id will be returned.

postForm byte

The HTML form with the embedded POST call information to render and execute.

{
  "details": {
    "id": "69629012906488334",
    "created": "2024-11-22T16:27:05.770Z",
    "changed": "2024-11-22T16:27:05.770Z",
    "owner": "69629023906488334"
  },
  "authUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback",
  "idpIntent": {
    "idpIntentId": "163840776835432705",
    "idpIntentToken": "SJKL3ioIDpo342ioqw98fjp3sdf32wahb=",
    "userId": "163840776835432345"
  },
  "postForm": "string"
}

Schema
Example (from schema)

Schema

details

object

id string

created date-time

the timestamp of the first event applied to the object.

changed date-time

the timestamp of the last event applied to the object.

owner

object

the parent object representing the returned objects context.

type string

Possible values: [OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_SYSTEM, OWNER_TYPE_INSTANCE, OWNER_TYPE_ORG]

Default value: OWNER_TYPE_UNSPECIFIED

id string

authUrl string

The authentication URL to which the client should redirect.

idpIntent

object

The Start Intent directly succeeded and returned the IDP Intent. Further information can be retrieved by using the retrieve identity provider intent request.

idpIntentId string

ID of the identity provider (IDP) intent.

idpIntentToken string

Token of the identity provider (IDP) intent.

userId string

If the user was already federated and linked to a ZITADEL user, it's id will be returned.

postForm byte

The HTML form with the embedded POST call information to render and execute.

{
  "details": {
    "id": "69629012906488334",
    "created": "2024-11-22T16:27:05.770Z",
    "changed": "2024-11-22T16:27:05.770Z",
    "owner": "69629023906488334"
  },
  "authUrl": "https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback",
  "idpIntent": {
    "idpIntentId": "163840776835432705",
    "idpIntentToken": "SJKL3ioIDpo342ioqw98fjp3sdf32wahb=",
    "userId": "163840776835432345"
  },
  "postForm": "string"
}

Returned when the user does not have permission to access the resource.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Start an IDP authentication intent

/resources/v3alpha/idp_intents

Request​

Body

Body

Body

Responses​

Request

Responses