Add a Custom IdP
You can connect any OAuth2 or OIDC-compliant identity provider to Aero2.
Requirements
You need the following information from your identity provider:
| Field | Description |
|---|---|
| Client ID | OAuth client identifier |
| Client Secret | OAuth client secret |
| Authorization Endpoint | URL where users authenticate |
| Token Endpoint | URL to exchange codes for tokens |
| UserInfo Endpoint | URL to fetch user profile |
| Scopes | Scopes to request (space-separated) |
Configure via Admin API
```bash
curl -X POST https://aero2.dev/api/idps \
  -H "Authorization: Bearer <admin_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-provider",
    "type": "oauth2",
    "display_name": "My Identity Provider",
    "client_id": "your-client-id",
    "client_secret": "your-client-secret",
    "authorization_endpoint": "https://provider.example.com/authorize",
    "token_endpoint": "https://provider.example.com/token",
    "userinfo_endpoint": "https://provider.example.com/userinfo",
    "scopes": "openid profile email"
  }'
```

Provider Type
| Type | When to use |
|---|---|
| oauth2 | Provider uses standard OAuth2 (e.g., GitHub, Facebook) |
| oidc | Provider supports OpenID Connect (e.g., Google, Azure AD) |
UserInfo Response Mapping
Aero2 expects the UserInfo endpoint to return a JSON object. It looks for these fields:
| Field | Fallbacks | Used for |
|---|---|---|
| email | mail | User's email |
| name | displayName, login | Display name |
| picture | avatar_url, photo | Profile image |
| sub | id, user_id | Provider user ID |
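
To check a provider's UserInfo response against the table above before registering it, this added example (not Aero2's own code) applies the field and fallback table to a response body and reports which provider key each value came from. It assumes the primary field is tried first, then the fallbacks in the order listed, and that empty or non-scalar values count as absent; the sample response is constructed.

```python
import json

# Field table from the "UserInfo Response Mapping" section: primary key, then fallbacks.
FIELD_MAP = {
    "email": ("email", "mail"),
    "name": ("name", "displayName", "login"),
    "picture": ("picture", "avatar_url", "photo"),
    "sub": ("sub", "id", "user_id"),
}


def map_userinfo(raw):
    """Resolve each mapped field from a UserInfo JSON body.

    Returns (profile, sources, missing): resolved values, the provider key each
    value came from, and mapped fields the response did not supply.
    """
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("UserInfo response must be a JSON object")
    profile, sources, missing = {}, {}, []
    for field, candidates in FIELD_MAP.items():
        for key in candidates:
            value = data.get(key)
            # Assumption: null, empty strings and non-scalar values count as absent.
            if isinstance(value, bool) or not isinstance(value, (str, int)):
                continue
            if value == "":
                continue
            profile[field] = str(value)  # Assumption: numeric IDs are stringified.
            sources[field] = key
            break
        else:
            missing.append(field)
    return profile, sources, missing


# Constructed sample: an OAuth2-style profile with no "sub", "email" or "picture" keys.
SAMPLE = json.dumps({
    "id": 4821, "login": "jdoe", "name": "",
    "mail": "jdoe@example.com", "avatar_url": "https://provider.example.com/a/4821.png",
})

if __name__ == "__main__":
    profile, sources, missing = map_userinfo(SAMPLE)
    for field in FIELD_MAP:
        print(f"{field:8} <- {sources.get(field, '(missing)'):12} {profile.get(field, '')}")
    if "sub" in missing:
        print("no stable provider user ID: fix scopes or claims before registering")
```

A response that leaves `sub` in `missing` has no provider user ID under any of the listed keys, which is worth resolving on the provider side before the IdP is enabled.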
Managing Providers
```bash
# List all providers
curl https://aero2.dev/api/idps

# Update a provider
curl -X PUT https://aero2.dev/api/idps/<id> \
  -H "Authorization: Bearer <admin_token>" \
  -H "Content-Type: application/json" \
  -d '{"display_name": "Updated Name"}'

# Disable a provider
curl -X PUT https://aero2.dev/api/idps/<id> \
  -H "Authorization: Bearer <admin_token>" \
  -H "Content-Type: application/json" \
  -d '{"enabled": false}'

# Delete a provider
curl -X DELETE https://aero2.dev/api/idps/<id> \
  -H "Authorization: Bearer <admin_token>"
```