Update OIDC Application Config

Update the OIDC specific configuration of an application.

Path Parameters

projectId string required
appId string required

Header Parameters

x-zitadel-orgid string
The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.

application/json
application/grpc
application/grpc-web+proto

Request Body required

redirectUris string[]
Callback URI of the authorization request where the code or tokens will be sent to
responseTypes string[]
Possible values: [OIDC_RESPONSE_TYPE_CODE, OIDC_RESPONSE_TYPE_ID_TOKEN, OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN]
Determines whether a code, id_token token or just id_token will be returned
grantTypes string[]
Possible values: [OIDC_GRANT_TYPE_AUTHORIZATION_CODE, OIDC_GRANT_TYPE_IMPLICIT, OIDC_GRANT_TYPE_REFRESH_TOKEN, OIDC_GRANT_TYPE_DEVICE_CODE]
The flow type the application uses to gain access
appType string
Possible values: [OIDC_APP_TYPE_WEB, OIDC_APP_TYPE_USER_AGENT, OIDC_APP_TYPE_NATIVE]
Default value: OIDC_APP_TYPE_WEB
Determines the paradigm of the application
authMethodType string
Possible values: [OIDC_AUTH_METHOD_TYPE_BASIC, OIDC_AUTH_METHOD_TYPE_POST, OIDC_AUTH_METHOD_TYPE_NONE, OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT]
Default value: OIDC_AUTH_METHOD_TYPE_BASIC
Defines how the application passes login credentials
postLogoutRedirectUris string[]
ZITADEL will redirect to this link after a successful logout
devMode boolean
Used for development, some checks of the OIDC specification will not be checked.
accessTokenType string
Possible values: [OIDC_TOKEN_TYPE_BEARER, OIDC_TOKEN_TYPE_JWT]
Default value: OIDC_TOKEN_TYPE_BEARER
Type of the access token returned from ZITADEL
accessTokenRoleAssertion boolean
Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
idTokenRoleAssertion boolean
Adds roles to the claims of the id token even if they are not requested by scopes
idTokenUserinfoAssertion boolean
Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
clockSkew string
Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
additionalOrigins string[]
Additional origins (other than the redirect_uris) from where the API can be used
skipNativeAppSuccessPage boolean
Skip the successful login page on native apps and directly redirect the user to the callback.

Request Body required

redirectUris string[]
Callback URI of the authorization request where the code or tokens will be sent to
responseTypes string[]
Possible values: [OIDC_RESPONSE_TYPE_CODE, OIDC_RESPONSE_TYPE_ID_TOKEN, OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN]
Determines whether a code, id_token token or just id_token will be returned
grantTypes string[]
Possible values: [OIDC_GRANT_TYPE_AUTHORIZATION_CODE, OIDC_GRANT_TYPE_IMPLICIT, OIDC_GRANT_TYPE_REFRESH_TOKEN, OIDC_GRANT_TYPE_DEVICE_CODE]
The flow type the application uses to gain access
appType string
Possible values: [OIDC_APP_TYPE_WEB, OIDC_APP_TYPE_USER_AGENT, OIDC_APP_TYPE_NATIVE]
Default value: OIDC_APP_TYPE_WEB
Determines the paradigm of the application
authMethodType string
Possible values: [OIDC_AUTH_METHOD_TYPE_BASIC, OIDC_AUTH_METHOD_TYPE_POST, OIDC_AUTH_METHOD_TYPE_NONE, OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT]
Default value: OIDC_AUTH_METHOD_TYPE_BASIC
Defines how the application passes login credentials
postLogoutRedirectUris string[]
ZITADEL will redirect to this link after a successful logout
devMode boolean
Used for development, some checks of the OIDC specification will not be checked.
accessTokenType string
Possible values: [OIDC_TOKEN_TYPE_BEARER, OIDC_TOKEN_TYPE_JWT]
Default value: OIDC_TOKEN_TYPE_BEARER
Type of the access token returned from ZITADEL
accessTokenRoleAssertion boolean
Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
idTokenRoleAssertion boolean
Adds roles to the claims of the id token even if they are not requested by scopes
idTokenUserinfoAssertion boolean
Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
clockSkew string
Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
additionalOrigins string[]
Additional origins (other than the redirect_uris) from where the API can be used
skipNativeAppSuccessPage boolean
Skip the successful login page on native apps and directly redirect the user to the callback.

Request Body required

redirectUris string[]
Callback URI of the authorization request where the code or tokens will be sent to
responseTypes string[]
Possible values: [OIDC_RESPONSE_TYPE_CODE, OIDC_RESPONSE_TYPE_ID_TOKEN, OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN]
Determines whether a code, id_token token or just id_token will be returned
grantTypes string[]
Possible values: [OIDC_GRANT_TYPE_AUTHORIZATION_CODE, OIDC_GRANT_TYPE_IMPLICIT, OIDC_GRANT_TYPE_REFRESH_TOKEN, OIDC_GRANT_TYPE_DEVICE_CODE]
The flow type the application uses to gain access
appType string
Possible values: [OIDC_APP_TYPE_WEB, OIDC_APP_TYPE_USER_AGENT, OIDC_APP_TYPE_NATIVE]
Default value: OIDC_APP_TYPE_WEB
Determines the paradigm of the application
authMethodType string
Possible values: [OIDC_AUTH_METHOD_TYPE_BASIC, OIDC_AUTH_METHOD_TYPE_POST, OIDC_AUTH_METHOD_TYPE_NONE, OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT]
Default value: OIDC_AUTH_METHOD_TYPE_BASIC
Defines how the application passes login credentials
postLogoutRedirectUris string[]
ZITADEL will redirect to this link after a successful logout
devMode boolean
Used for development, some checks of the OIDC specification will not be checked.
accessTokenType string
Possible values: [OIDC_TOKEN_TYPE_BEARER, OIDC_TOKEN_TYPE_JWT]
Default value: OIDC_TOKEN_TYPE_BEARER
Type of the access token returned from ZITADEL
accessTokenRoleAssertion boolean
Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes
idTokenRoleAssertion boolean
Adds roles to the claims of the id token even if they are not requested by scopes
idTokenUserinfoAssertion boolean
Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification
clockSkew string
Used to compensate time difference of servers. Duration added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims
additionalOrigins string[]
Additional origins (other than the redirect_uris) from where the API can be used
skipNativeAppSuccessPage boolean
Skip the successful login page on native apps and directly redirect the user to the callback.

Responses

200
default

A successful response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

Schema
Example (from schema)

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection

on manipulation: the
resourceOwner resource_owner is the organization an object belongs to

{
  "details": {
    "sequence": "2",
    "creationDate": "2023-05-12",
    "changeDate": "2023-05-12",
    "resourceOwner": "69629023906488334"
  }
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Update OIDC Application Config​

Update OIDC Application Config