Deprecated: Add JWT Identity Provider (IDP)

POST 
https://$CUSTOM-DOMAIN/admin/v1/idps/jwt

deprecated

Create a new identity provider configuration to enable your users to log in with social/enterprise login. JSON Web Token Identity Provider (JWT IDP) gives you the possibility to use an (existing) JWT as a federated identity. You have to provide an endpoint where ZITADEL can get the existing JWT token.

Request

application/json

Body

required

name stringrequired

Possible values: non-empty and <= 200 characters

stylingType string

Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

Default value: STYLING_TYPE_UNSPECIFIED

some identity providers specify the styling of the button to their login

jwtEndpoint stringrequired

Possible values: non-empty and <= 200 characters

the endpoint where the jwt can be extracted

issuer stringrequired

Possible values: non-empty and <= 200 characters

the issuer of the jwt (for validation)

keysEndpoint stringrequired

Possible values: non-empty and <= 200 characters

the endpoint to the key (JWK) which is used to sign the JWT with

headerName stringrequired

Possible values: non-empty and <= 200 characters

the name of the header where the JWT is sent in, default is authorization

autoRegister boolean

application/grpc

Body

required

name stringrequired

Possible values: non-empty and <= 200 characters

stylingType string

Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

Default value: STYLING_TYPE_UNSPECIFIED

some identity providers specify the styling of the button to their login

jwtEndpoint stringrequired

Possible values: non-empty and <= 200 characters

the endpoint where the jwt can be extracted

issuer stringrequired

Possible values: non-empty and <= 200 characters

the issuer of the jwt (for validation)

keysEndpoint stringrequired

Possible values: non-empty and <= 200 characters

the endpoint to the key (JWK) which is used to sign the JWT with

headerName stringrequired

Possible values: non-empty and <= 200 characters

the name of the header where the JWT is sent in, default is authorization

autoRegister boolean

application/grpc-web+proto

Body

required

name stringrequired

Possible values: non-empty and <= 200 characters

stylingType string

Possible values: [STYLING_TYPE_UNSPECIFIED, STYLING_TYPE_GOOGLE]

Default value: STYLING_TYPE_UNSPECIFIED

some identity providers specify the styling of the button to their login

jwtEndpoint stringrequired

Possible values: non-empty and <= 200 characters

the endpoint where the jwt can be extracted

issuer stringrequired

Possible values: non-empty and <= 200 characters

the issuer of the jwt (for validation)

keysEndpoint stringrequired

Possible values: non-empty and <= 200 characters

the endpoint to the key (JWK) which is used to sign the JWT with

headerName stringrequired

Possible values: non-empty and <= 200 characters

the name of the header where the JWT is sent in, default is authorization

autoRegister boolean

Responses

200

idp created

application/json

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)
idpId string

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-03-25T10:28:49.766Z",
    "changeDate": "2025-03-25T10:28:49.767Z",
    "resourceOwner": "69629023906488334"
  },
  "idpId": "69234230193872955"
}

application/grpc

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)
idpId string

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-03-25T10:28:49.767Z",
    "changeDate": "2025-03-25T10:28:49.767Z",
    "resourceOwner": "69629023906488334"
  },
  "idpId": "69234230193872955"
}

application/grpc-web+proto

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)
idpId string

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-03-25T10:28:49.767Z",
    "changeDate": "2025-03-25T10:28:49.767Z",
    "resourceOwner": "69629023906488334"
  },
  "idpId": "69234230193872955"
}

400

invalid argument

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

403

Returned when the user does not have permission to access the resource.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

404

Returned when the resource does not exist.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

• curl
• python
• go
• nodejs
• ruby
• csharp
• php
• java
• powershell

• CURL

curl -L 'https://$CUSTOM-DOMAIN/admin/v1/idps/jwt' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "name": "google",
  "stylingType": "STYLING_TYPE_UNSPECIFIED",
  "jwtEndpoint": "https://custom.com/auth/jwt",
  "issuer": "https://accounts.custom.com",
  "keysEndpoint": "https://accounts.custom.com/keys",
  "headerName": "x-auth-token",
  "autoRegister": true
}'

Request Collapse all

Base URL

https://$CUSTOM-DOMAIN/admin/v1

Auth

Bearer Token

Body required

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

{
  "name": "google",
  "stylingType": "STYLING_TYPE_UNSPECIFIED",
  "jwtEndpoint": "https://custom.com/auth/jwt",
  "issuer": "https://accounts.custom.com",
  "keysEndpoint": "https://accounts.custom.com/keys",
  "headerName": "x-auth-token",
  "autoRegister": true
}

ResponseClear

Click the Send API Request button above and see the response here!