Add Google Identity Provider

Add Google Identity Provider

application/json

Request Body required

• name Google will be used as default, if no name is provided

  Google will be used as default, if no name is provided

• clientId string

  Client id generated by Google

• clientSecret string

  Client secret generated by Google

• scopes string[]

  The scopes requested by ZITADEL during the request to Google

• providerOptions object

  isLinkingAllowed boolean

  Enable if users should be able to link an existing ZITADEL user with an external account.

  isCreationAllowed boolean

  Enable if users should be able to create a new account in ZITADEL when using an external account.

  isAutoCreation boolean

  Enable if a new account in ZITADEL should be created automatically when login with an external account.

  isAutoUpdate boolean

  Enable if a the ZITADEL account fields should be updated automatically on each login.

application/grpc

Request Body required

• name Google will be used as default, if no name is provided

  Google will be used as default, if no name is provided

• clientId string

  Client id generated by Google

• clientSecret string

  Client secret generated by Google

• scopes string[]

  The scopes requested by ZITADEL during the request to Google

• providerOptions object

  isLinkingAllowed boolean

  Enable if users should be able to link an existing ZITADEL user with an external account.

  isCreationAllowed boolean

  Enable if users should be able to create a new account in ZITADEL when using an external account.

  isAutoCreation boolean

  Enable if a new account in ZITADEL should be created automatically when login with an external account.

  isAutoUpdate boolean

  Enable if a the ZITADEL account fields should be updated automatically on each login.

application/grpc-web+proto

Request Body required

• name Google will be used as default, if no name is provided

  Google will be used as default, if no name is provided

• clientId string

  Client id generated by Google

• clientSecret string

  Client secret generated by Google

• scopes string[]

  The scopes requested by ZITADEL during the request to Google

• providerOptions object

  isLinkingAllowed boolean

  Enable if users should be able to link an existing ZITADEL user with an external account.

  isCreationAllowed boolean

  Enable if users should be able to create a new account in ZITADEL when using an external account.

  isAutoCreation boolean

  Enable if a new account in ZITADEL should be created automatically when login with an external account.

  isAutoUpdate boolean

  Enable if a the ZITADEL account fields should be updated automatically on each login.

Responses

• 200
• 403
• 404
• default

---

A successful response.

application/json

• Schema
• Example (from schema)

---

Schema

• details object

  sequence uint64

  on read: the sequence of the last event reduced by the projection

  on manipulation: the timestamp of the event(s) added by the manipulation

  creationDate date-time

  on read: the timestamp of the first event of the object

  on create: the timestamp of the event(s) added by the manipulation

  changeDate date-time

  on read: the timestamp of the last event reduced by the projection

  on manipulation: the

  resourceOwner resource_owner is the organization an object belongs to
• id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-10",
    "changeDate": "2023-05-10",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

application/grpc

• Schema
• Example (from schema)

---

Schema

• details object

  sequence uint64

  on read: the sequence of the last event reduced by the projection

  on manipulation: the timestamp of the event(s) added by the manipulation

  creationDate date-time

  on read: the timestamp of the first event of the object

  on create: the timestamp of the event(s) added by the manipulation

  changeDate date-time

  on read: the timestamp of the last event reduced by the projection

  on manipulation: the

  resourceOwner resource_owner is the organization an object belongs to
• id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-10",
    "changeDate": "2023-05-10",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

application/grpc-web+proto

• Schema
• Example (from schema)

---

Schema

• details object

  sequence uint64

  on read: the sequence of the last event reduced by the projection

  on manipulation: the timestamp of the event(s) added by the manipulation

  creationDate date-time

  on read: the timestamp of the first event of the object

  on create: the timestamp of the event(s) added by the manipulation

  changeDate date-time

  on read: the timestamp of the last event reduced by the projection

  on manipulation: the

  resourceOwner resource_owner is the organization an object belongs to
• id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-10",
    "changeDate": "2023-05-10",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

Returned when the user does not have permission to access the resource.

application/json

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

• Schema
• Example (from schema)

---

Schema

• code int32
• message string
• details object[]

  Array [

  @type string

  ]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /idps/google

Authorization

type: oauth2flow: authorizationCodescopes: openid,urn:zitadel:iam:org:project:id:zitadel:aud

Request

Base URL

https://$ZITADEL_DOMAIN/admin/v1

Bearer Token

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

Body required

{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'