Add Google Identity Provider

Add Google Identity Provider

application/json

application/grpc

application/grpc-web+proto

Request Body required

name Google will be used as default, if no name is provided

Google will be used as default, if no name is provided

clientId string

Client id generated by Google

clientSecret string

Client secret generated by Google

scopes string[]

The scopes requested by ZITADEL during the request to Google

providerOptions object

isLinkingAllowed boolean

Enable if users should be able to link an existing ZITADEL user with an external account.

isCreationAllowed boolean

Enable if users should be able to create a new account in ZITADEL when using an external account.

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

Request Body required

name Google will be used as default, if no name is provided

Google will be used as default, if no name is provided

clientId string

Client id generated by Google

clientSecret string

Client secret generated by Google

scopes string[]

The scopes requested by ZITADEL during the request to Google

providerOptions object

isLinkingAllowed boolean

Enable if users should be able to link an existing ZITADEL user with an external account.

isCreationAllowed boolean

Enable if users should be able to create a new account in ZITADEL when using an external account.

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

Request Body required

name Google will be used as default, if no name is provided

Google will be used as default, if no name is provided

clientId string

Client id generated by Google

clientSecret string

Client secret generated by Google

scopes string[]

The scopes requested by ZITADEL during the request to Google

providerOptions object

isLinkingAllowed boolean

Enable if users should be able to link an existing ZITADEL user with an external account.

isCreationAllowed boolean

Enable if users should be able to create a new account in ZITADEL when using an external account.

isAutoCreation boolean

Enable if a new account in ZITADEL should be created automatically when login with an external account.

isAutoUpdate boolean

Enable if a the ZITADEL account fields should be updated automatically on each login.

Responses

• 200
• 403
• 404
• default

---

A successful response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2024-03-27T10:05:52.649Z",
    "changeDate": "2024-03-27T10:05:52.649Z",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2024-03-27T10:05:52.649Z",
    "changeDate": "2024-03-27T10:05:52.649Z",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
id string

{
  "details": {
    "sequence": "2",
    "creationDate": "2024-03-27T10:05:52.649Z",
    "changeDate": "2024-03-27T10:05:52.649Z",
    "resourceOwner": "69629023906488334"
  },
  "id": "string"
}

Returned when the user does not have permission to access the resource.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /idps/google

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL

https://$CUSTOM-DOMAIN/admin/v1

Bearer Token

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

Body required

{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

python / requests

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

go / native

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

nodejs / axios

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

ruby / Net::HTTP

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

csharp / RestSharp

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

php / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

java / OkHttp

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'

powershell / RestMethod

curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/google' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Google",
  "clientId": "client-id",
  "clientSecret": "secret",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'