Update OIDC Application Config
Update the OIDC specific configuration of an application.
Path Parameters
- projectId string required
- appId string required
Header Parameters
- x-zitadel-orgid string
The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.
- application/json
- application/grpc
- application/grpc-web+proto
Request Body required
- redirectUris string[]
Callback URI of the authorization request where the code or tokens will be sent to
- responseTypes string[]
Possible values: [
OIDC_RESPONSE_TYPE_CODE
,OIDC_RESPONSE_TYPE_ID_TOKEN
,OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
]Determines whether a code, id_token token or just id_token will be returned
- grantTypes string[]
Possible values: [
OIDC_GRANT_TYPE_AUTHORIZATION_CODE
,OIDC_GRANT_TYPE_IMPLICIT
,OIDC_GRANT_TYPE_REFRESH_TOKEN
,OIDC_GRANT_TYPE_DEVICE_CODE
]The flow type the application uses to gain access
- appType string
Possible values: [
OIDC_APP_TYPE_WEB
,OIDC_APP_TYPE_USER_AGENT
,OIDC_APP_TYPE_NATIVE
]Default value:
OIDC_APP_TYPE_WEB
Determines the paradigm of the application
- authMethodType string
Possible values: [
OIDC_AUTH_METHOD_TYPE_BASIC
,OIDC_AUTH_METHOD_TYPE_POST
,OIDC_AUTH_METHOD_TYPE_NONE
,OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
OIDC_AUTH_METHOD_TYPE_BASIC
Defines how the application passes login credentials
- postLogoutRedirectUris string[]
ZITADEL will redirect to this link after a successful logout
- devMode boolean
Used for development, some checks of the OIDC specification will not be checked.
- accessTokenType string
Possible values: [
OIDC_TOKEN_TYPE_BEARER
,OIDC_TOKEN_TYPE_JWT
]Default value:
OIDC_TOKEN_TYPE_BEARER
Type of the access token returned from ZITADEL
- accessTokenRoleAssertion boolean
Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
- idTokenRoleAssertion boolean
Adds roles to the claims of the id token even if they are not requested by scopes
- idTokenUserinfoAssertion boolean
Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
- clockSkew string
Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
- additionalOrigins string[]
Additional origins (other than the redirect_uris) from where the API can be used
- skipNativeAppSuccessPage boolean
Skip the successful login page on native apps and directly redirect the user to the callback.
Request Body required
- redirectUris string[]
Callback URI of the authorization request where the code or tokens will be sent to
- responseTypes string[]
Possible values: [
OIDC_RESPONSE_TYPE_CODE
,OIDC_RESPONSE_TYPE_ID_TOKEN
,OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
]Determines whether a code, id_token token or just id_token will be returned
- grantTypes string[]
Possible values: [
OIDC_GRANT_TYPE_AUTHORIZATION_CODE
,OIDC_GRANT_TYPE_IMPLICIT
,OIDC_GRANT_TYPE_REFRESH_TOKEN
,OIDC_GRANT_TYPE_DEVICE_CODE
]The flow type the application uses to gain access
- appType string
Possible values: [
OIDC_APP_TYPE_WEB
,OIDC_APP_TYPE_USER_AGENT
,OIDC_APP_TYPE_NATIVE
]Default value:
OIDC_APP_TYPE_WEB
Determines the paradigm of the application
- authMethodType string
Possible values: [
OIDC_AUTH_METHOD_TYPE_BASIC
,OIDC_AUTH_METHOD_TYPE_POST
,OIDC_AUTH_METHOD_TYPE_NONE
,OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
OIDC_AUTH_METHOD_TYPE_BASIC
Defines how the application passes login credentials
- postLogoutRedirectUris string[]
ZITADEL will redirect to this link after a successful logout
- devMode boolean
Used for development, some checks of the OIDC specification will not be checked.
- accessTokenType string
Possible values: [
OIDC_TOKEN_TYPE_BEARER
,OIDC_TOKEN_TYPE_JWT
]Default value:
OIDC_TOKEN_TYPE_BEARER
Type of the access token returned from ZITADEL
- accessTokenRoleAssertion boolean
Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
- idTokenRoleAssertion boolean
Adds roles to the claims of the id token even if they are not requested by scopes
- idTokenUserinfoAssertion boolean
Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
- clockSkew string
Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
- additionalOrigins string[]
Additional origins (other than the redirect_uris) from where the API can be used
- skipNativeAppSuccessPage boolean
Skip the successful login page on native apps and directly redirect the user to the callback.
Request Body required
- redirectUris string[]
Callback URI of the authorization request where the code or tokens will be sent to
- responseTypes string[]
Possible values: [
OIDC_RESPONSE_TYPE_CODE
,OIDC_RESPONSE_TYPE_ID_TOKEN
,OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
]Determines whether a code, id_token token or just id_token will be returned
- grantTypes string[]
Possible values: [
OIDC_GRANT_TYPE_AUTHORIZATION_CODE
,OIDC_GRANT_TYPE_IMPLICIT
,OIDC_GRANT_TYPE_REFRESH_TOKEN
,OIDC_GRANT_TYPE_DEVICE_CODE
]The flow type the application uses to gain access
- appType string
Possible values: [
OIDC_APP_TYPE_WEB
,OIDC_APP_TYPE_USER_AGENT
,OIDC_APP_TYPE_NATIVE
]Default value:
OIDC_APP_TYPE_WEB
Determines the paradigm of the application
- authMethodType string
Possible values: [
OIDC_AUTH_METHOD_TYPE_BASIC
,OIDC_AUTH_METHOD_TYPE_POST
,OIDC_AUTH_METHOD_TYPE_NONE
,OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
OIDC_AUTH_METHOD_TYPE_BASIC
Defines how the application passes login credentials
- postLogoutRedirectUris string[]
ZITADEL will redirect to this link after a successful logout
- devMode boolean
Used for development, some checks of the OIDC specification will not be checked.
- accessTokenType string
Possible values: [
OIDC_TOKEN_TYPE_BEARER
,OIDC_TOKEN_TYPE_JWT
]Default value:
OIDC_TOKEN_TYPE_BEARER
Type of the access token returned from ZITADEL
- accessTokenRoleAssertion boolean
Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
- idTokenRoleAssertion boolean
Adds roles to the claims of the id token even if they are not requested by scopes
- idTokenUserinfoAssertion boolean
Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
- clockSkew string
Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
- additionalOrigins string[]
Additional origins (other than the redirect_uris) from where the API can be used
- skipNativeAppSuccessPage boolean
Skip the successful login page on native apps and directly redirect the user to the callback.
- 200
- default
A successful response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
details object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
{
"details": {
"sequence": "2",
"creationDate": "2023-05-02",
"changeDate": "2023-05-02",
"resourceOwner": "69629023906488334"
}
}
- Schema
- Example (from schema)
Schema
details object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
{
"details": {
"sequence": "2",
"creationDate": "2023-05-02",
"changeDate": "2023-05-02",
"resourceOwner": "69629023906488334"
}
}
- Schema
- Example (from schema)
Schema
details object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
{
"details": {
"sequence": "2",
"creationDate": "2023-05-02",
"changeDate": "2023-05-02",
"resourceOwner": "69629023906488334"
}
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}