Identity Providers
Identity provider (IdP) endpoints manage external OAuth2/OIDC providers that users can sign in with. Each application has its own set of identity providers. The list endpoint is public (used by the login page), while create/update/delete require admin access.
GET/api/idpsNo Auth
Returns all configured identity providers. Public fields only (no secrets).
Response
{
"providers": [
{
"id": "idp-uuid",
"name": "github",
"type": "oauth2",
"display_name": "GitHub",
"enabled": true,
"created_at": "2026-01-15T08:00:00Z"
}
]
}POST/api/idpsAdmin
Registers a new external identity provider (OAuth2/OIDC).
| Parameter | Type | Description |
|---|---|---|
| name* body | string | Unique identifier (e.g., "github") |
| type* body | string | "oauth2" or "oidc" |
| display_name* body | string | Human-readable name |
| client_id* body | string | OAuth client ID for the external IdP |
| client_secret* body | string | OAuth client secret for the external IdP |
| authorization_endpoint* body | string | External IdP authorization URL |
| token_endpoint* body | string | External IdP token URL |
| userinfo_endpoint* body | string | External IdP user info URL |
| scopes body | string | Space-separated scopes to request |
Request
{
"name": "github",
"type": "oauth2",
"display_name": "GitHub",
"client_id": "Iv1.abc123",
"client_secret": "secret123",
"authorization_endpoint": "https://github.com/login/oauth/authorize",
"token_endpoint": "https://github.com/login/oauth/access_token",
"userinfo_endpoint": "https://api.github.com/user",
"scopes": "read:user user:email"
}Response
{
"id": "idp-uuid",
"message": "Identity provider created"
}GET/api/idps/:idAdmin
Returns full details of an identity provider (including configuration, excluding secrets).
| Parameter | Type | Description |
|---|---|---|
| id* path | string | Identity provider ID |
Response
{
"id": "idp-uuid",
"name": "github",
"type": "oauth2",
"display_name": "GitHub",
"enabled": true,
"authorization_endpoint": "https://github.com/login/oauth/authorize",
"token_endpoint": "https://github.com/login/oauth/access_token",
"userinfo_endpoint": "https://api.github.com/user",
"scopes": "read:user user:email",
"created_at": "2026-01-15T08:00:00Z"
}PUT/api/idps/:idAdmin
Updates an identity provider's configuration.
| Parameter | Type | Description |
|---|---|---|
| id* path | string | Identity provider ID |
| display_name body | string | Human-readable name |
| client_id body | string | OAuth client ID |
| client_secret body | string | OAuth client secret |
| enabled body | boolean | Enable or disable the provider |
Request
{
"display_name": "GitHub SSO",
"enabled": true
}Response
{
"message": "Identity provider updated"
}DELETE/api/idps/:idAdmin
Removes an identity provider. Users linked to this provider will lose that login method.
| Parameter | Type | Description |
|---|---|---|
| id* path | string | Identity provider ID |
Response
{
"message": "Identity provider deleted"
}Supported Provider Types
| Type | Description |
|---|---|
oauth2 | Standard OAuth2 provider (e.g., GitHub) |
oidc | OpenID Connect provider (e.g., Google) |
See the Set Up GitHub Login guide for a step-by-step walkthrough.