Skip to main content

Update OIDC Application Config

Update the OIDC specific configuration of an application.

Path Parameters
  • projectId string required
  • appId string required
Header Parameters
  • x-zitadel-orgid string

    The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.

Request Body required
  • redirectUris string[]

    Callback URI of the authorization request where the code or tokens will be sent to

  • responseTypes string[]

    Possible values: [OIDC_RESPONSE_TYPE_CODE, OIDC_RESPONSE_TYPE_ID_TOKEN, OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN]

    Determines whether a code, id_token token or just id_token will be returned

  • grantTypes string[]

    Possible values: [OIDC_GRANT_TYPE_AUTHORIZATION_CODE, OIDC_GRANT_TYPE_IMPLICIT, OIDC_GRANT_TYPE_REFRESH_TOKEN, OIDC_GRANT_TYPE_DEVICE_CODE]

    The flow type the application uses to gain access

  • appType string

    Possible values: [OIDC_APP_TYPE_WEB, OIDC_APP_TYPE_USER_AGENT, OIDC_APP_TYPE_NATIVE]

    Default value: OIDC_APP_TYPE_WEB

    Determines the paradigm of the application

  • authMethodType string

    Possible values: [OIDC_AUTH_METHOD_TYPE_BASIC, OIDC_AUTH_METHOD_TYPE_POST, OIDC_AUTH_METHOD_TYPE_NONE, OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT]

    Default value: OIDC_AUTH_METHOD_TYPE_BASIC

    Defines how the application passes login credentials

  • postLogoutRedirectUris string[]

    ZITADEL will redirect to this link after a successful logout

  • devMode boolean

    Used for development, some checks of the OIDC specification will not be checked.

  • accessTokenType string

    Possible values: [OIDC_TOKEN_TYPE_BEARER, OIDC_TOKEN_TYPE_JWT]

    Default value: OIDC_TOKEN_TYPE_BEARER

    Type of the access token returned from ZITADEL

  • accessTokenRoleAssertion boolean

    Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes

  • idTokenRoleAssertion boolean

    Adds roles to the claims of the id token even if they are not requested by scopes

  • idTokenUserinfoAssertion boolean

    Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification

  • clockSkew string

    Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims

  • additionalOrigins string[]

    Additional origins (other than the redirect_uris) from where the API can be used

  • skipNativeAppSuccessPage boolean

    Skip the successful login page on native apps and directly redirect the user to the callback.

Responses

A successful response.


Schema
  • details object
  • sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

  • creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

  • changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

  • resourceOwner resource_owner is the organization an object belongs to
Loading...