organization_id
string
required

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

connection_id
string
required

Globally unique UUID that identifies a specific OIDC Connection.

status
string
required

The status of the connection. The possible values are pending or active. See the Update OIDC Connection endpoint for more details.

display_name
string
required

A human-readable display name for the connection.

redirect_url
string
required

The callback URL for this OIDC connection. This value will be passed to the IdP to redirect the Member back to Stytch after a sign-in attempt.

client_id
string
required

The OAuth2.0 client ID used to authenticate login attempts. This will be provided by the IdP.

client_secret
string
required

The secret belonging to the OAuth2.0 client used to authenticate login attempts. This will be provided by the IdP.

issuer
string
required

A case-sensitive https:// URL that uniquely identifies the IdP. This will be provided by the IdP.

authorization_url
string
required

The location of the URL that starts an OAuth login at the IdP. This will be provided by the IdP.

token_url
string
required

The location of the URL that issues OAuth2.0 access tokens and OIDC ID tokens. This will be provided by the IdP.

userinfo_url
string
required

The location of the IdP's UserInfo Endpoint. This will be provided by the IdP.

jwks_url
string
required

The location of the IdP's JSON Web Key Set, used to verify credentials issued by the IdP. This will be provided by the IdP.

identity_provider
string
required

Name of the IdP. Enum with possible values: classlink, cyberark, duo, google-workspace, jumpcloud, keycloak, miniorange, microsoft-entra, okta, onelogin, pingfederate, rippling, salesforce, shibboleth, or generic.

Specifying a known provider allows Stytch to handle any provider-specific logic.

custom_scopes
string
required

A space-separated list of custom scopes that will be requested on every SSOStart call. If set, this value will replace the default set of OIDC scopes requested: openid email profile. Additional scopes can be requested using the custom_scopes query parameter on individual SSOStart calls.

attribute_mapping
object

An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values, which will appear on the member's Trusted Metadata.
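
A pre-flight check over an OIDC connection object, using only the constraints stated in the field descriptions above (status values, the identity_provider enum, https locations, and custom_scopes replacing the default scopes). This is an added example, not Stytch code: the function names, the SAMPLE object, and the rule that a replaced scope list should still contain openid are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Allowed values and defaults as listed in the field descriptions on this page.
STATUSES = {"pending", "active"}
PROVIDERS = set("classlink cyberark duo google-workspace jumpcloud keycloak miniorange "
                "microsoft-entra okta onelogin pingfederate rippling salesforce "
                "shibboleth generic".split())
DEFAULT_SCOPES = ["openid", "email", "profile"]
URL_FIELDS = ("issuer", "authorization_url", "token_url", "userinfo_url", "jwks_url")

def is_https(url):
    parts = urlsplit(url or "")
    return parts.scheme == "https" and bool(parts.hostname)

def effective_scopes(conn):
    # custom_scopes, when set, replaces the default scope set rather than extending it.
    custom = (conn.get("custom_scopes") or "").split()
    return custom or list(DEFAULT_SCOPES)

def lint_connection(conn):
    findings = []
    if conn.get("status") not in STATUSES:
        findings.append("status: not pending or active")
    if conn.get("identity_provider") not in PROVIDERS:
        findings.append("identity_provider: not in the documented enum")
    for field in URL_FIELDS:
        if not is_https(conn.get(field)):
            findings.append(f"{field}: not an https URL")
    if "openid" not in effective_scopes(conn):
        findings.append("custom_scopes: replaces the defaults but omits openid")
    return findings

def redact(conn):
    return {k: "<redacted>" if k == "client_secret" else v for k, v in conn.items()}

# Constructed sample object; every value below is made up for the example.
SAMPLE = {
    "organization_id": "00000000-0000-0000-0000-000000000000",
    "connection_id": "11111111-1111-1111-1111-111111111111",
    "status": "active", "display_name": "Example IdP", "identity_provider": "generic",
    "client_id": "example-client", "client_secret": "example-secret",
    "issuer": "https://idp.example.com",
    "authorization_url": "https://idp.example.com/authorize",
    "token_url": "https://idp.example.com/token",
    "userinfo_url": "https://idp.example.com/userinfo",
    "jwks_url": "http://idp.example.com/jwks",  # plain http on purpose
    "custom_scopes": "email groups",  # no openid on purpose
}

if __name__ == "__main__":
    print(lint_connection(SAMPLE), redact(SAMPLE)["client_secret"])
```

Use redact() whenever a connection object is logged or attached to a ticket, since client_secret is returned alongside the non-sensitive fields.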