Skip to main content

Deprecated: Add JWT Identity Provider (IDP)​

deprecated

This endpoint has been deprecated and may be removed in future versions of the API.

Create a new identity provider configuration to enable your users to log in with social/enterprise login. JSON Web Token Identity Provider (JWT IDP) gives you the possibility to use an (existing) JWT as a federated identity. You have to provide an endpoint where ZITADEL can get the existing JWT token.

Request Body required
    name string required

    Possible values: non-empty and <= 200 characters

    stylingType string

    Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

    Default value: STYLING_TYPE_UNSPECIFIED

    some identity providers specify the styling of the button to their login

    jwtEndpoint string required

    Possible values: non-empty and <= 200 characters

    the endpoint where the jwt can be extracted

    issuer string required

    Possible values: non-empty and <= 200 characters

    the issuer of the jwt (for validation)

    keysEndpoint string required

    Possible values: non-empty and <= 200 characters

    the endpoint to the key (JWK) which is used to sign the JWT with

    headerName string required

    Possible values: non-empty and <= 200 characters

    the name of the header where the JWT is sent in, default is authorization

    autoRegister boolean
Responses

idp created

Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to
    idpId string
POST /idps/jwt

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN/admin/v1
Bearer Token
Content-Type
Body required
{

  "name": "google",

  "stylingType": "STYLING_TYPE_UNSPECIFIED",

  "jwtEndpoint": "https://custom.com/auth/jwt",

  "issuer": "https://accounts.custom.com",

  "keysEndpoint": "https://accounts.custom.com/keys",

  "headerName": "x-auth-token",

  "autoRegister": true

}
Accept
curl / cURL
curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/jwt' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "google",
  "stylingType": "STYLING_TYPE_UNSPECIFIED",
  "jwtEndpoint": "https://custom.com/auth/jwt",
  "issuer": "https://accounts.custom.com",
  "keysEndpoint": "https://accounts.custom.com/keys",
  "headerName": "x-auth-token",
  "autoRegister": true
}'