Skip to content
API Reference
API Reference
Zones
Providers

Update provider

client.zones.providers.update(stringid, ProviderUpdateParams { zoneId, client_id, client_secret, 5 more } params, RequestOptionsoptions?): Provider { id, created_at, identifier, 12 more }
PATCH/zones/{zoneId}/providers/{id}

Updates a Provider's configuration and metadata

ParametersExpand Collapse
id: string
params: ProviderUpdateParams { zoneId, client_id, client_secret, 5 more }
zoneId: string

Path param

client_id?: string | null

Body param: OAuth 2.0 client identifier. Set to null to remove.

client_secret?: string | null

Body param: OAuth 2.0 client secret (will be encrypted and stored securely). Set to null to remove.

description?: string | null

Body param: Human-readable description. Must not contain HTML tags (e.g. <script>, <div>) or control characters.

maxLength2048
formatsafe-text
identifier?: string

Body param: User specified identifier, unique within the zone. Must not contain HTML tags (e.g. <script>, <div>) or control characters.

minLength1
maxLength2048
formatsafe-text
metadata?: unknown

Body param: Provider metadata. Set to null to remove all metadata.

name?: string

Body param: Human-readable name. Must not contain HTML tags (e.g. <script>, <div>) or control characters.

minLength1
maxLength255
formatsafe-text
protocols?: Protocols | null

Body param: Protocol-specific configuration. Set to null to remove all protocols.

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration. Set to null to remove all OAuth2 config.

authorization_endpoint?: string | null
formaturi
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Set to null to unset.

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests. Set to null to unset.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true. Set to null to unset.

code_challenge_methods_supported?: Array<string> | null
issuer?: string

OIDC issuer URL for discovery and token validation. Cannot be set to null.

formaturi
jwks_uri?: string | null
formaturi
registration_endpoint?: string | null
formaturi
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Set to null to unset.

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Set to null to unset.

scopes_supported?: Array<string> | null
token_endpoint?: string | null
formaturi
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Set to null to unset.

openid?: Openid | null

OpenID Connect protocol configuration. Set to null to remove all OpenID config.

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. Set to null to revert to default. Changing this value does not affect existing users.

userinfo_endpoint?: string | null
formaturi
ReturnsExpand Collapse
Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi
authorization_endpoint?: string | null
formaturi
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
formaturi
registration_endpoint?: string | null
formaturi
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
formaturi
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

user_identifier_claim?: string | null

Name of a top-level string claim in this provider's ID Token to use as the user identifier on user creation. When not set, the user's Keycard ID is used.

userinfo_endpoint?: string | null
formaturi
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"

Update provider

import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const provider = await client.zones.providers.update('id', { zoneId: 'zoneId' });

console.log(provider.id);
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "name": "x",
  "organization_id": "organization_id",
  "owner_type": "platform",
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "client_id": "client_id",
  "client_secret_set": true,
  "description": "description",
  "metadata": {},
  "protocols": {
    "oauth2": {
      "issuer": "https://example.com",
      "authorization_endpoint": "https://example.com",
      "authorization_parameters": {
        "foo": "string"
      },
      "authorization_resource_enabled": true,
      "authorization_resource_parameter": "authorization_resource_parameter",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scope_parameter": "scope_parameter",
      "scope_separator": "scope_separator",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com",
      "token_response_access_token_pointer": "token_response_access_token_pointer"
    },
    "openid": {
      "user_identifier_claim": "user_identifier_claim",
      "userinfo_endpoint": "https://example.com"
    }
  },
  "type": "external"
}
Returns Examples
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "name": "x",
  "organization_id": "organization_id",
  "owner_type": "platform",
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "client_id": "client_id",
  "client_secret_set": true,
  "description": "description",
  "metadata": {},
  "protocols": {
    "oauth2": {
      "issuer": "https://example.com",
      "authorization_endpoint": "https://example.com",
      "authorization_parameters": {
        "foo": "string"
      },
      "authorization_resource_enabled": true,
      "authorization_resource_parameter": "authorization_resource_parameter",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scope_parameter": "scope_parameter",
      "scope_separator": "scope_separator",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com",
      "token_response_access_token_pointer": "token_response_access_token_pointer"
    },
    "openid": {
      "user_identifier_claim": "user_identifier_claim",
      "userinfo_endpoint": "https://example.com"
    }
  },
  "type": "external"
}