Get Identity Provider By ID
Path Parameters
- id string required
- 200
- default
A successful response.
- application/json
- application/grpc
- application/grpc-web+proto
Schema
idp object
- id string
- details object
  - sequence uint64: on read: the sequence of the last event reduced by the projection; on manipulation: the timestamp of the event(s) added by the manipulation
  - creationDate date-time: on read: the timestamp of the first event of the object; on create: the timestamp of the event(s) added by the manipulation
  - changeDate date-time: on read: the timestamp of the last event reduced by the projection; on manipulation: the
  - resourceOwner: resource_owner is the organization an object belongs to
- state string. Possible values: [IDP_STATE_UNSPECIFIED, IDP_STATE_ACTIVE, IDP_STATE_INACTIVE]. Default value: IDP_STATE_UNSPECIFIED
- name string
- owner string. Possible values: [IDP_OWNER_TYPE_UNSPECIFIED, IDP_OWNER_TYPE_SYSTEM, IDP_OWNER_TYPE_ORG]. Default value: IDP_OWNER_TYPE_UNSPECIFIED. The owner of the identity provider.
  - IDP_OWNER_TYPE_SYSTEM: system is managed by the ZITADEL administrators
  - IDP_OWNER_TYPE_ORG: org is managed by the organization administrators
- type string. Possible values: [PROVIDER_TYPE_UNSPECIFIED, PROVIDER_TYPE_OIDC, PROVIDER_TYPE_JWT, PROVIDER_TYPE_LDAP, PROVIDER_TYPE_OAUTH, PROVIDER_TYPE_AZURE_AD, PROVIDER_TYPE_GITHUB, PROVIDER_TYPE_GITHUB_ES, PROVIDER_TYPE_GITLAB, PROVIDER_TYPE_GITLAB_SELF_HOSTED, PROVIDER_TYPE_GOOGLE]. Default value: PROVIDER_TYPE_UNSPECIFIED
- config object
  - options object
    - isLinkingAllowed boolean: Enable if users should be able to link an existing ZITADEL user with an external account.
    - isCreationAllowed boolean: Enable if users should be able to create a new account in ZITADEL when using an external account.
    - isAutoCreation boolean: Enable if a new account in ZITADEL should be created automatically when logging in with an external account.
    - isAutoUpdate boolean: Enable if the ZITADEL account fields should be updated automatically on each login.
  - ldap object
    - servers string[]
    - startTls boolean
    - baseDn string
    - bindDn string
    - userBase string
    - userObjectClasses string[]
    - userFilters string[]
    - timeout string
    - attributes object
      - idAttribute string
      - firstNameAttribute string
      - lastNameAttribute string
      - displayNameAttribute string
      - nickNameAttribute string
      - preferredUsernameAttribute string
      - emailAttribute string
      - emailVerifiedAttribute string
      - phoneAttribute string
      - phoneVerifiedAttribute string
      - preferredLanguageAttribute string
      - avatarUrlAttribute string
      - profileAttribute string
  - google object
    - clientId string: client id of the Google application
    - scopes string[]: the scopes requested by ZITADEL during the request to Google
  - oauth object
    - clientId string: client id generated by the identity provider
    - authorizationEndpoint string: the endpoint where ZITADEL sends the user to authenticate
    - tokenEndpoint string: the endpoint where ZITADEL can get the token
    - userEndpoint string: the endpoint where ZITADEL can get the user information
    - scopes string[]: the scopes requested by ZITADEL during the request on the identity provider
    - idAttribute string: defines the name of the attribute from which ZITADEL can get the id of the user
  - oidc object
    - issuer string: the OIDC issuer of the identity provider
    - clientId string: client id generated by the identity provider
    - scopes string[]: the scopes requested by ZITADEL during the request on the identity provider
    - isIdTokenMapping boolean
  - jwt object
    - jwtEndpoint string: the endpoint where the JWT can be extracted
    - issuer string: the issuer of the JWT (for validation)
    - keysEndpoint string: the endpoint to the key (JWK) which is used to sign the JWT with
    - headerName string: the name of the header where the JWT is sent in, default is authorization
  - github object
    - clientId string: the client ID of the GitHub App
    - scopes string[]: the scopes requested by ZITADEL during the request to GitHub
  - githubEs object
    - clientId string: the client ID of the GitHub App
    - authorizationEndpoint string
    - tokenEndpoint string
    - userEndpoint string
    - scopes string[]: the scopes requested by ZITADEL during the request to GitHub
  - gitlab object
    - clientId string: client id of the GitLab application
    - scopes string[]: the scopes requested by ZITADEL during the request to GitLab
  - gitlabSelfHosted object
    - issuer string
    - clientId string: client id of the GitLab application
    - scopes string[]: the scopes requested by ZITADEL during the request to GitLab
  - azureAd object
    - clientId string: client id of the Azure AD application
    - tenant object: Defines what user accounts should be able to log in (Personal, Organizational, All)
      - tenantType string. Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]. Default value: AZURE_AD_TENANT_TYPE_COMMON
      - tenantId string
    - emailVerified boolean: Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)
    - scopes string[]: the scopes requested by ZITADEL during the request to Azure AD
Example (from schema)
{
  "idp": {
    "id": "69629023906488334",
    "details": {
      "sequence": "2",
      "creationDate": "2023-05-02",
      "changeDate": "2023-05-02",
      "resourceOwner": "69629023906488334"
    },
    "state": "IDP_STATE_UNSPECIFIED",
    "name": "Google",
    "owner": "IDP_OWNER_TYPE_UNSPECIFIED",
    "type": "PROVIDER_TYPE_UNSPECIFIED",
    "config": {
      "options": {
        "isLinkingAllowed": true,
        "isCreationAllowed": true,
        "isAutoCreation": true,
        "isAutoUpdate": true
      },
      "ldap": {
        "servers": [
          "string"
        ],
        "startTls": true,
        "baseDn": "string",
        "bindDn": "string",
        "userBase": "string",
        "userObjectClasses": [
          "string"
        ],
        "userFilters": [
          "string"
        ],
        "timeout": "string",
        "attributes": {
          "idAttribute": "string",
          "firstNameAttribute": "string",
          "lastNameAttribute": "string",
          "displayNameAttribute": "string",
          "nickNameAttribute": "string",
          "preferredUsernameAttribute": "string",
          "emailAttribute": "string",
          "emailVerifiedAttribute": "string",
          "phoneAttribute": "string",
          "phoneVerifiedAttribute": "string",
          "preferredLanguageAttribute": "string",
          "avatarUrlAttribute": "string",
          "profileAttribute": "string"
        }
      },
      "google": {
        "clientId": "client-id",
        "scopes": [
          "openid",
          "profile",
          "email"
        ]
      },
      "oauth": {
        "clientId": "client-id",
        "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
        "tokenEndpoint": "https://oauth2.googleapis.com/token",
        "userEndpoint": "https://openidconnect.googleapis.com/v1/userinfo",
        "scopes": [
          "openid",
          "profile",
          "email"
        ],
        "idAttribute": "user_id"
      },
      "oidc": {
        "issuer": "https://accounts.google.com/",
        "clientId": "client-id",
        "scopes": [
          "openid",
          "profile",
          "email"
        ],
        "isIdTokenMapping": true
      },
      "jwt": {
        "jwtEndpoint": "https://accounts.google.com",
        "issuer": "https://accounts.google.com",
        "keysEndpoint": "https://accounts.google.com/keys",
        "headerName": "x-auth-token"
      },
      "github": {
        "clientId": "client-id",
        "scopes": [
          "openid",
          "profile",
          "email"
        ]
      },
      "githubEs": {
        "clientId": "client-id",
        "authorizationEndpoint": "string",
        "tokenEndpoint": "string",
        "userEndpoint": "string",
        "scopes": [
          "openid",
          "profile",
          "email"
        ]
      },
      "gitlab": {
        "clientId": "client-id",
        "scopes": [
          "openid",
          "profile",
          "email"
        ]
      },
      "gitlabSelfHosted": {
        "issuer": "string",
        "clientId": "client-id",
        "scopes": [
          "openid",
          "profile",
          "email"
        ]
      },
      "azureAd": {
        "clientId": "client-id",
        "tenant": {
          "tenantType": "AZURE_AD_TENANT_TYPE_COMMON",
          "tenantId": "string"
        },
        "emailVerified": true,
        "scopes": [
          "openid",
          "profile",
          "email",
          "User.Read"
        ]
      }
    }
  }
}
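The following is an added example, not part of the ZITADEL documentation: a configuration review that reads a response of this shape and lists the settings an identity team would want to confirm (automatic account creation and update, non-HTTPS endpoints, LDAP without TLS, Azure AD emails stored as verified). The mapping from `type` to config block is inferred from the field names in the schema, LDAP servers are assumed to be given as URLs, and both sample responses are constructed.

```python
from urllib.parse import urlparse

# Provider type -> config block. Assumption: inferred from the names in the schema.
TYPE_TO_BLOCK = {
    "PROVIDER_TYPE_OIDC": "oidc", "PROVIDER_TYPE_JWT": "jwt",
    "PROVIDER_TYPE_LDAP": "ldap", "PROVIDER_TYPE_OAUTH": "oauth",
    "PROVIDER_TYPE_AZURE_AD": "azureAd", "PROVIDER_TYPE_GITHUB": "github",
    "PROVIDER_TYPE_GITHUB_ES": "githubEs", "PROVIDER_TYPE_GITLAB": "gitlab",
    "PROVIDER_TYPE_GITLAB_SELF_HOSTED": "gitlabSelfHosted",
    "PROVIDER_TYPE_GOOGLE": "google",
}
# Every URL-valued field that appears in any provider block of the schema.
URL_FIELDS = ("issuer", "authorizationEndpoint", "tokenEndpoint",
              "userEndpoint", "jwtEndpoint", "keysEndpoint")


def review_idp(response):
    """Return a list of findings for one Get Identity Provider By ID response."""
    idp = response.get("idp", {})
    config = idp.get("config", {})
    options = config.get("options", {})
    findings = []

    # Settings that let the external provider create or update local accounts.
    if options.get("isAutoCreation"):
        findings.append("options.isAutoCreation: accounts are created automatically on external login")
    if options.get("isAutoUpdate"):
        findings.append("options.isAutoUpdate: account fields are updated on each login")

    # Only the block matching idp.type is reviewed; other blocks are ignored.
    block_name = TYPE_TO_BLOCK.get(idp.get("type"))
    if block_name is None:
        findings.append(f"type {idp.get('type')!r}: no provider block to review")
        return findings
    block = config.get(block_name, {})

    for field in URL_FIELDS:
        value = block.get(field)
        if value and urlparse(value).scheme != "https":
            findings.append(f"{block_name}.{field} is not an https URL: {value}")

    # Assumption: LDAP servers are given as URLs, so ldaps:// marks implicit TLS.
    if block_name == "ldap" and not block.get("startTls"):
        plain = [s for s in block.get("servers", []) if not s.lower().startswith("ldaps://")]
        if plain:
            findings.append(f"ldap.startTls is off and these servers are not ldaps://: {plain}")

    if block_name == "azureAd" and block.get("emailVerified"):
        tenant_type = block.get("tenant", {}).get("tenantType", "AZURE_AD_TENANT_TYPE_COMMON")
        findings.append(f"azureAd.emailVerified: emails are stored as verified, tenantType is {tenant_type}")
    return findings


# Constructed sample responses (not real tenants or servers).
SAMPLE_AZURE = {"idp": {"name": "Corp Azure AD", "type": "PROVIDER_TYPE_AZURE_AD", "config": {
    "options": {"isLinkingAllowed": True, "isCreationAllowed": True,
                "isAutoCreation": True, "isAutoUpdate": False},
    "azureAd": {"clientId": "client-id", "emailVerified": True,
                "tenant": {"tenantType": "AZURE_AD_TENANT_TYPE_COMMON"}}}}}
SAMPLE_LDAP = {"idp": {"name": "Directory", "type": "PROVIDER_TYPE_LDAP", "config": {
    "options": {"isLinkingAllowed": True},
    "ldap": {"servers": ["ldap://ldap.example.internal:389"], "startTls": False}}}}

if __name__ == "__main__":
    for sample in (SAMPLE_AZURE, SAMPLE_LDAP):
        print(sample["idp"]["name"])
        for finding in review_idp(sample):
            print("  -", finding)
```

To review a live provider, pass the parsed JSON body of the response (for example from `json.load`) to `review_idp`.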
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
Schema
- code int32
- message string
- details object[]
  - @type string
Example (from schema)
{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}