Get Application By ID
Get an application of any type (OIDC, API, SAML)
Path Parameters
- projectId string required
- appId string required
Header Parameters
- x-zitadel-orgid string
The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.
- 200
- default
A successful response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
app object
id stringdetails object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs tostate stringPossible values: [
APP_STATE_UNSPECIFIED
,APP_STATE_ACTIVE
,APP_STATE_INACTIVE
]Default value:
APP_STATE_UNSPECIFIED
current state of the application
name stringoidcConfig object
redirectUris string[]Callback URI of the authorization request where the code or tokens will be sent to
responseTypes string[]Possible values: [
OIDC_RESPONSE_TYPE_CODE
,OIDC_RESPONSE_TYPE_ID_TOKEN
,OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
]Determines whether a code, id_token token or just id_token will be returned
grantTypes string[]Possible values: [
OIDC_GRANT_TYPE_AUTHORIZATION_CODE
,OIDC_GRANT_TYPE_IMPLICIT
,OIDC_GRANT_TYPE_REFRESH_TOKEN
,OIDC_GRANT_TYPE_DEVICE_CODE
]The flow type the application uses to gain access
appType stringPossible values: [
OIDC_APP_TYPE_WEB
,OIDC_APP_TYPE_USER_AGENT
,OIDC_APP_TYPE_NATIVE
]Default value:
OIDC_APP_TYPE_WEB
determines the paradigm of the application
clientId stringgenerated oauth2/oidc client id
authMethodType stringPossible values: [
OIDC_AUTH_METHOD_TYPE_BASIC
,OIDC_AUTH_METHOD_TYPE_POST
,OIDC_AUTH_METHOD_TYPE_NONE
,OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
OIDC_AUTH_METHOD_TYPE_BASIC
defines how the application passes login credentials
postLogoutRedirectUris string[]ZITADEL will redirect to this link after a successful logout
version stringPossible values: [
OIDC_VERSION_1_0
]Default value:
OIDC_VERSION_1_0
the OIDC version used by the application
noneCompliant booleanspecifies whether the config is OIDC compliant. A production configuration SHOULD be compliant
complianceProblems object[]
lists the problems for non-compliancy
Array [key stringlocalizedMessage string]devMode booleanused for development
accessTokenType stringPossible values: [
OIDC_TOKEN_TYPE_BEARER
,OIDC_TOKEN_TYPE_JWT
]Default value:
OIDC_TOKEN_TYPE_BEARER
type of the access token returned from ZITADEL
accessTokenRoleAssertion booleanadds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
idTokenRoleAssertion booleanadds roles to the claims of the id token even if they are not requested by scopes
idTokenUserinfoAssertion booleanclaims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
clockSkew stringUsed to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
additionalOrigins string[]additional origins (other than the redirect_uris) from where the API can be used
allowedOrigins string[]all allowed origins from where the API can be used
skipNativeAppSuccessPage booleanSkip the successful login page on native apps and directly redirect the user to the callback.
apiConfig object
clientId stringgenerated oauth2/oidc client_id
authMethodType stringPossible values: [
API_AUTH_METHOD_TYPE_BASIC
,API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
API_AUTH_METHOD_TYPE_BASIC
defines how the API passes the login credentials
samlConfig object
metadataXml bytemetadataUrl string
{
"app": {
"id": "69629023906488334",
"details": {
"sequence": "2",
"creationDate": "2023-05-10",
"changeDate": "2023-05-10",
"resourceOwner": "69629023906488334"
},
"state": "APP_STATE_UNSPECIFIED",
"name": "Console",
"oidcConfig": {
"redirectUris": [
"https://console.zitadel.ch/auth/callback"
],
"responseTypes": [
"OIDC_RESPONSE_TYPE_CODE"
],
"grantTypes": [
"OIDC_GRANT_TYPE_AUTHORIZATION_CODE"
],
"appType": "OIDC_APP_TYPE_WEB",
"clientId": "69629023906488334@ZITADEL",
"authMethodType": "OIDC_AUTH_METHOD_TYPE_BASIC",
"postLogoutRedirectUris": [
"https://console.zitadel.ch/logout"
],
"version": "OIDC_VERSION_1_0",
"noneCompliant": true,
"complianceProblems": [
{
"key": "string",
"localizedMessage": "string"
}
],
"devMode": true,
"accessTokenType": "OIDC_TOKEN_TYPE_BEARER",
"accessTokenRoleAssertion": true,
"idTokenRoleAssertion": true,
"idTokenUserinfoAssertion": true,
"clockSkew": "string",
"additionalOrigins": [
"https://console.zitadel.ch/auth/callback"
],
"allowedOrigins": [
"https://console.zitadel.ch/auth/callback"
],
"skipNativeAppSuccessPage": true
},
"apiConfig": {
"clientId": "69629023906488334@ZITADEL",
"authMethodType": "API_AUTH_METHOD_TYPE_BASIC"
},
"samlConfig": {
"metadataXml": "string",
"metadataUrl": "string"
}
}
}
- Schema
- Example (from schema)
Schema
app object
id stringdetails object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs tostate stringPossible values: [
APP_STATE_UNSPECIFIED
,APP_STATE_ACTIVE
,APP_STATE_INACTIVE
]Default value:
APP_STATE_UNSPECIFIED
current state of the application
name stringoidcConfig object
redirectUris string[]Callback URI of the authorization request where the code or tokens will be sent to
responseTypes string[]Possible values: [
OIDC_RESPONSE_TYPE_CODE
,OIDC_RESPONSE_TYPE_ID_TOKEN
,OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
]Determines whether a code, id_token token or just id_token will be returned
grantTypes string[]Possible values: [
OIDC_GRANT_TYPE_AUTHORIZATION_CODE
,OIDC_GRANT_TYPE_IMPLICIT
,OIDC_GRANT_TYPE_REFRESH_TOKEN
,OIDC_GRANT_TYPE_DEVICE_CODE
]The flow type the application uses to gain access
appType stringPossible values: [
OIDC_APP_TYPE_WEB
,OIDC_APP_TYPE_USER_AGENT
,OIDC_APP_TYPE_NATIVE
]Default value:
OIDC_APP_TYPE_WEB
determines the paradigm of the application
clientId stringgenerated oauth2/oidc client id
authMethodType stringPossible values: [
OIDC_AUTH_METHOD_TYPE_BASIC
,OIDC_AUTH_METHOD_TYPE_POST
,OIDC_AUTH_METHOD_TYPE_NONE
,OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
OIDC_AUTH_METHOD_TYPE_BASIC
defines how the application passes login credentials
postLogoutRedirectUris string[]ZITADEL will redirect to this link after a successful logout
version stringPossible values: [
OIDC_VERSION_1_0
]Default value:
OIDC_VERSION_1_0
the OIDC version used by the application
noneCompliant booleanspecifies whether the config is OIDC compliant. A production configuration SHOULD be compliant
complianceProblems object[]
lists the problems for non-compliancy
Array [key stringlocalizedMessage string]devMode booleanused for development
accessTokenType stringPossible values: [
OIDC_TOKEN_TYPE_BEARER
,OIDC_TOKEN_TYPE_JWT
]Default value:
OIDC_TOKEN_TYPE_BEARER
type of the access token returned from ZITADEL
accessTokenRoleAssertion booleanadds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
idTokenRoleAssertion booleanadds roles to the claims of the id token even if they are not requested by scopes
idTokenUserinfoAssertion booleanclaims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
clockSkew stringUsed to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
additionalOrigins string[]additional origins (other than the redirect_uris) from where the API can be used
allowedOrigins string[]all allowed origins from where the API can be used
skipNativeAppSuccessPage booleanSkip the successful login page on native apps and directly redirect the user to the callback.
apiConfig object
clientId stringgenerated oauth2/oidc client_id
authMethodType stringPossible values: [
API_AUTH_METHOD_TYPE_BASIC
,API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
API_AUTH_METHOD_TYPE_BASIC
defines how the API passes the login credentials
samlConfig object
metadataXml bytemetadataUrl string
{
"app": {
"id": "69629023906488334",
"details": {
"sequence": "2",
"creationDate": "2023-05-10",
"changeDate": "2023-05-10",
"resourceOwner": "69629023906488334"
},
"state": "APP_STATE_UNSPECIFIED",
"name": "Console",
"oidcConfig": {
"redirectUris": [
"https://console.zitadel.ch/auth/callback"
],
"responseTypes": [
"OIDC_RESPONSE_TYPE_CODE"
],
"grantTypes": [
"OIDC_GRANT_TYPE_AUTHORIZATION_CODE"
],
"appType": "OIDC_APP_TYPE_WEB",
"clientId": "69629023906488334@ZITADEL",
"authMethodType": "OIDC_AUTH_METHOD_TYPE_BASIC",
"postLogoutRedirectUris": [
"https://console.zitadel.ch/logout"
],
"version": "OIDC_VERSION_1_0",
"noneCompliant": true,
"complianceProblems": [
{
"key": "string",
"localizedMessage": "string"
}
],
"devMode": true,
"accessTokenType": "OIDC_TOKEN_TYPE_BEARER",
"accessTokenRoleAssertion": true,
"idTokenRoleAssertion": true,
"idTokenUserinfoAssertion": true,
"clockSkew": "string",
"additionalOrigins": [
"https://console.zitadel.ch/auth/callback"
],
"allowedOrigins": [
"https://console.zitadel.ch/auth/callback"
],
"skipNativeAppSuccessPage": true
},
"apiConfig": {
"clientId": "69629023906488334@ZITADEL",
"authMethodType": "API_AUTH_METHOD_TYPE_BASIC"
},
"samlConfig": {
"metadataXml": "string",
"metadataUrl": "string"
}
}
}
- Schema
- Example (from schema)
Schema
app object
id stringdetails object
sequence uint64on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-timeon read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-timeon read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs tostate stringPossible values: [
APP_STATE_UNSPECIFIED
,APP_STATE_ACTIVE
,APP_STATE_INACTIVE
]Default value:
APP_STATE_UNSPECIFIED
current state of the application
name stringoidcConfig object
redirectUris string[]Callback URI of the authorization request where the code or tokens will be sent to
responseTypes string[]Possible values: [
OIDC_RESPONSE_TYPE_CODE
,OIDC_RESPONSE_TYPE_ID_TOKEN
,OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
]Determines whether a code, id_token token or just id_token will be returned
grantTypes string[]Possible values: [
OIDC_GRANT_TYPE_AUTHORIZATION_CODE
,OIDC_GRANT_TYPE_IMPLICIT
,OIDC_GRANT_TYPE_REFRESH_TOKEN
,OIDC_GRANT_TYPE_DEVICE_CODE
]The flow type the application uses to gain access
appType stringPossible values: [
OIDC_APP_TYPE_WEB
,OIDC_APP_TYPE_USER_AGENT
,OIDC_APP_TYPE_NATIVE
]Default value:
OIDC_APP_TYPE_WEB
determines the paradigm of the application
clientId stringgenerated oauth2/oidc client id
authMethodType stringPossible values: [
OIDC_AUTH_METHOD_TYPE_BASIC
,OIDC_AUTH_METHOD_TYPE_POST
,OIDC_AUTH_METHOD_TYPE_NONE
,OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
OIDC_AUTH_METHOD_TYPE_BASIC
defines how the application passes login credentials
postLogoutRedirectUris string[]ZITADEL will redirect to this link after a successful logout
version stringPossible values: [
OIDC_VERSION_1_0
]Default value:
OIDC_VERSION_1_0
the OIDC version used by the application
noneCompliant booleanspecifies whether the config is OIDC compliant. A production configuration SHOULD be compliant
complianceProblems object[]
lists the problems for non-compliancy
Array [key stringlocalizedMessage string]devMode booleanused for development
accessTokenType stringPossible values: [
OIDC_TOKEN_TYPE_BEARER
,OIDC_TOKEN_TYPE_JWT
]Default value:
OIDC_TOKEN_TYPE_BEARER
type of the access token returned from ZITADEL
accessTokenRoleAssertion booleanadds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
idTokenRoleAssertion booleanadds roles to the claims of the id token even if they are not requested by scopes
idTokenUserinfoAssertion booleanclaims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
clockSkew stringUsed to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
additionalOrigins string[]additional origins (other than the redirect_uris) from where the API can be used
allowedOrigins string[]all allowed origins from where the API can be used
skipNativeAppSuccessPage booleanSkip the successful login page on native apps and directly redirect the user to the callback.
apiConfig object
clientId stringgenerated oauth2/oidc client_id
authMethodType stringPossible values: [
API_AUTH_METHOD_TYPE_BASIC
,API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
]Default value:
API_AUTH_METHOD_TYPE_BASIC
defines how the API passes the login credentials
samlConfig object
metadataXml bytemetadataUrl string
{
"app": {
"id": "69629023906488334",
"details": {
"sequence": "2",
"creationDate": "2023-05-10",
"changeDate": "2023-05-10",
"resourceOwner": "69629023906488334"
},
"state": "APP_STATE_UNSPECIFIED",
"name": "Console",
"oidcConfig": {
"redirectUris": [
"https://console.zitadel.ch/auth/callback"
],
"responseTypes": [
"OIDC_RESPONSE_TYPE_CODE"
],
"grantTypes": [
"OIDC_GRANT_TYPE_AUTHORIZATION_CODE"
],
"appType": "OIDC_APP_TYPE_WEB",
"clientId": "69629023906488334@ZITADEL",
"authMethodType": "OIDC_AUTH_METHOD_TYPE_BASIC",
"postLogoutRedirectUris": [
"https://console.zitadel.ch/logout"
],
"version": "OIDC_VERSION_1_0",
"noneCompliant": true,
"complianceProblems": [
{
"key": "string",
"localizedMessage": "string"
}
],
"devMode": true,
"accessTokenType": "OIDC_TOKEN_TYPE_BEARER",
"accessTokenRoleAssertion": true,
"idTokenRoleAssertion": true,
"idTokenUserinfoAssertion": true,
"clockSkew": "string",
"additionalOrigins": [
"https://console.zitadel.ch/auth/callback"
],
"allowedOrigins": [
"https://console.zitadel.ch/auth/callback"
],
"skipNativeAppSuccessPage": true
},
"apiConfig": {
"clientId": "69629023906488334@ZITADEL",
"authMethodType": "API_AUTH_METHOD_TYPE_BASIC"
},
"samlConfig": {
"metadataXml": "string",
"metadataUrl": "string"
}
}
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
- code int32
- message string
details object[]
Array [@type string]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}