Skip to content
API Reference
API Reference
Zones
Providers

Update provider

zones.providers.update(strid, ProviderUpdateParams**kwargs) -> Provider
PATCH/zones/{zoneId}/providers/{id}

Updates a Provider's configuration and metadata

ParametersExpand Collapse
zone_id: str
id: str
client_id: Optional[str]

OAuth 2.0 client identifier. Set to null to remove.

client_secret: Optional[str]

OAuth 2.0 client secret (will be encrypted and stored securely). Set to null to remove.

description: Optional[str]

Human-readable description. Must not contain HTML tags (e.g. <script>, <div>) or control characters.

maxLength2048
formatsafe-text
identifier: Optional[str]

User specified identifier, unique within the zone. Must not contain HTML tags (e.g. <script>, <div>) or control characters.

minLength1
maxLength2048
formatsafe-text
metadata: Optional[object]

Provider metadata. Set to null to remove all metadata.

name: Optional[str]

Human-readable name. Must not contain HTML tags (e.g. <script>, <div>) or control characters.

minLength1
maxLength255
formatsafe-text
protocols: Optional[Protocols]

Protocol-specific configuration. Set to null to remove all protocols.

oauth2: Optional[ProtocolsOauth2]

OAuth 2.0 protocol configuration. Set to null to remove all OAuth2 config.

authorization_endpoint: Optional[str]
formaturi
authorization_parameters: Optional[Dict[str, str]]

Custom query parameters appended to authorization redirect URLs. Set to null to unset.

authorization_resource_enabled: Optional[bool]

Whether to include the resource parameter in authorization requests. Set to null to unset.

authorization_resource_parameter: Optional[str]

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true. Set to null to unset.

code_challenge_methods_supported: Optional[SequenceNotStr[str]]
issuer: Optional[str]

OIDC issuer URL for discovery and token validation. Cannot be set to null.

formaturi
jwks_uri: Optional[str]
formaturi
registration_endpoint: Optional[str]
formaturi
scope_parameter: Optional[str]

The query parameter name for scopes in authorization requests. Defaults to "scope". Set to null to unset.

scope_separator: Optional[str]

The separator character for scope values. Defaults to " " (space). Set to null to unset.

scopes_supported: Optional[SequenceNotStr[str]]
token_endpoint: Optional[str]
formaturi
token_response_access_token_pointer: Optional[str]

Dot-separated path to the access token in the token response body. Defaults to "access_token". Set to null to unset.

openid: Optional[ProtocolsOpenid]

OpenID Connect protocol configuration. Set to null to remove all OpenID config.

user_identifier_claim: Optional[str]

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. Set to null to revert to default. Changing this value does not affect existing users.

userinfo_endpoint: Optional[str]
formaturi
ReturnsExpand Collapse
class Provider:

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: str

Unique identifier of the provider

created_at: datetime

Entity creation timestamp

formatdate-time
identifier: str

User specified identifier, unique within the zone

minLength1
maxLength2048
name: str

Human-readable name

minLength1
maxLength255
organization_id: str

Organization that owns this provider

owner_type: Literal["platform", "customer"]

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: str

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: datetime

Entity update timestamp

formatdate-time
zone_id: str

Zone this provider belongs to

client_id: Optional[str]

OAuth 2.0 client identifier

client_secret_set: Optional[bool]

Indicates whether a client secret is configured

description: Optional[str]

Human-readable description

maxLength2048
metadata: Optional[object]

Provider metadata

protocols: Optional[Protocols]

Protocol-specific configuration

oauth2: Optional[ProtocolsOauth2]

OAuth 2.0 protocol configuration

issuer: str

OIDC issuer URL used for discovery and token validation.

formaturi
authorization_endpoint: Optional[str]
formaturi
authorization_parameters: Optional[Dict[str, str]]

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled: Optional[bool]

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter: Optional[str]

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported: Optional[List[str]]
jwks_uri: Optional[str]
formaturi
registration_endpoint: Optional[str]
formaturi
scope_parameter: Optional[str]

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator: Optional[str]

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported: Optional[List[str]]
token_endpoint: Optional[str]
formaturi
token_response_access_token_pointer: Optional[str]

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid: Optional[ProtocolsOpenid]

OpenID Connect protocol configuration

user_identifier_claim: Optional[str]

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint: Optional[str]
formaturi
type: Optional[Literal["external", "keycard-vault", "keycard-sts"]]
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"

Update provider

from keycardai_api import KeycardAPI

client = KeycardAPI()
provider = client.zones.providers.update(
    id="id",
    zone_id="zoneId",
)
print(provider.id)
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "name": "x",
  "organization_id": "organization_id",
  "owner_type": "platform",
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "client_id": "client_id",
  "client_secret_set": true,
  "description": "description",
  "metadata": {},
  "protocols": {
    "oauth2": {
      "issuer": "https://example.com",
      "authorization_endpoint": "https://example.com",
      "authorization_parameters": {
        "foo": "string"
      },
      "authorization_resource_enabled": true,
      "authorization_resource_parameter": "authorization_resource_parameter",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scope_parameter": "scope_parameter",
      "scope_separator": "scope_separator",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com",
      "token_response_access_token_pointer": "token_response_access_token_pointer"
    },
    "openid": {
      "user_identifier_claim": "user_identifier_claim",
      "userinfo_endpoint": "https://example.com"
    }
  },
  "type": "external"
}
Returns Examples
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "name": "x",
  "organization_id": "organization_id",
  "owner_type": "platform",
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "client_id": "client_id",
  "client_secret_set": true,
  "description": "description",
  "metadata": {},
  "protocols": {
    "oauth2": {
      "issuer": "https://example.com",
      "authorization_endpoint": "https://example.com",
      "authorization_parameters": {
        "foo": "string"
      },
      "authorization_resource_enabled": true,
      "authorization_resource_parameter": "authorization_resource_parameter",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scope_parameter": "scope_parameter",
      "scope_separator": "scope_separator",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com",
      "token_response_access_token_pointer": "token_response_access_token_pointer"
    },
    "openid": {
      "user_identifier_claim": "user_identifier_claim",
      "userinfo_endpoint": "https://example.com"
    }
  },
  "type": "external"
}