import { useStytchB2BClient } from '@stytch/react/b2b';

export const UpdateOIDCConnection = () => {
  const stytch = useStytchB2BClient();

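  const updateConnection = async () => {
    // organization_id is not passed: it is inferred from the logged-in session.
    const response = await stytch.sso.oidc.updateConnection({
      connection_id: 'oidc-connection-test-d89ff7a0-e86f-4b4d-b6a3-9a74d967528e',
      display_name: 'Updated OIDC Connection',
      identity_provider: 'okta',
      // Changing issuer triggers retrieval of the OpenID Provider Metadata document.
      issuer: 'https://example.okta.com',
      // Placeholder values: client_id and client_secret are issued by the IdP
      // and cannot be inferred from the metadata document.
      client_id: 'client-id-from-idp',
      client_secret: 'client-secret-from-idp',
    });
    console.log('Updated connection:', response.connection);
  };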

  return <button onClick={updateConnection}>Update OIDC Connection</button>;
};

sso.oidc.updateConnection wraps the Update OIDC Connection API endpoint. The organization_id will be automatically inferred from the logged-in session. This method cannot be used to update OIDC connections in other organizations.

When the value of issuer changes, Stytch will attempt to retrieve the OpenID Provider Metadata document found at ${issuer}/.well-known/openid-configuration. If the metadata document can be retrieved successfully, Stytch will use it to infer the values of authorization_url, token_url, jwks_url, and userinfo_url. The client_id and client_secret values cannot be inferred from the metadata document, and must be passed in explicitly.

If the metadata document cannot be retrieved, Stytch will still update the connection using values from the request body. If the metadata document can be retrieved, and values are passed in the request body, the explicit values passed in from the request body will take precedence over the values inferred from the metadata document.

Note that a newly created connection will not become active until all of the following fields are provided:
  • issuer
  • client_id
  • client_secret
  • authorization_url
  • token_url
  • userinfo_url
  • jwks_url
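
The precedence and activation rules above, as an added JavaScript example that is not Stytch's code or part of the original page: `previewConnection` (a hypothetical helper) merges a discovery document with the request body so the result can be checked before calling `updateConnection`. The metadata-to-field mapping, the issuer-match and https checks, and the sample document are assumptions of this example.

```javascript
// Fields the page lists as required before a connection becomes active.
const ACTIVATION_FIELDS = ['issuer', 'client_id', 'client_secret',
  'authorization_url', 'token_url', 'userinfo_url', 'jwks_url'];

// OIDC Discovery metadata name -> connection field (assumed mapping).
const INFERRED = {
  authorization_endpoint: 'authorization_url',
  token_endpoint: 'token_url',
  userinfo_endpoint: 'userinfo_url',
  jwks_uri: 'jwks_url',
};

function isHttps(value) {
  try { return new URL(value).protocol === 'https:'; } catch { return false; }
}

// metadata: parsed discovery document, or null if it was not retrievable.
function previewConnection(request, metadata) {
  const problems = [];
  const merged = {};
  if (metadata && metadata.issuer !== request.issuer) {
    // Check added by this example: OIDC Discovery requires an exact,
    // case-sensitive issuer match, so a mismatched document is ignored.
    problems.push('metadata issuer does not match requested issuer');
  } else if (metadata) {
    for (const [from, to] of Object.entries(INFERRED)) {
      if (metadata[from]) merged[to] = metadata[from];
    }
  }
  // Explicit request values take precedence over inferred ones.
  for (const [field, value] of Object.entries(request)) {
    if (value) merged[field] = value;
  }
  // Check added by this example: every URL field must use https.
  for (const field of ['issuer', ...Object.values(INFERRED)]) {
    if (merged[field] && !isHttps(merged[field])) problems.push(`${field} is not https`);
  }
  const missing = ACTIVATION_FIELDS.filter((field) => !merged[field]);
  return { merged, missing, problems, ready: !missing.length && !problems.length };
}

// Constructed sample discovery document (not real IdP output).
const SAMPLE_METADATA = {
  issuer: 'https://example.okta.com',
  authorization_endpoint: 'https://example.okta.com/oauth2/v1/authorize',
  token_endpoint: 'https://example.okta.com/oauth2/v1/token',
  userinfo_endpoint: 'https://example.okta.com/oauth2/v1/userinfo',
  jwks_uri: 'https://example.okta.com/oauth2/v1/keys',
};
```

A non-empty `missing` list means the connection would not become active; a non-empty `problems` list flags values worth reviewing before the request is sent.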
RBAC Enforced Method
This method requires a valid Session for a member with permission to perform the Action on the Resource. Before using this method, enable Member actions & organization modifications in the Frontend SDK page. To learn more, see our RBAC guide.

Parameters

connection_id
string
required
Globally unique UUID that identifies a specific SSO connection_id for a Member.
identity_provider
string
required
Name of the IdP. Enum with possible values: classlink, cyberark, duo, google-workspace, jumpcloud, keycloak, miniorange, microsoft-entra, okta, onelogin, pingfederate, rippling, salesforce, shibboleth, or generic. Specifying a known provider allows Stytch to handle any provider-specific logic.
display_name
string
required
A human-readable display name for the connection.
issuer
string
required
A case-sensitive https:// URL that must uniquely identify the IdP. This will be provided by the IdP.
client_id
string
required
The OAuth2.0 client ID used to authenticate login attempts. This will be provided by the IdP.
client_secret
string
required
The secret belonging to the OAuth2.0 client used to authenticate login attempts. This will be provided by the IdP.
authorization_url
string
required
The location of the URL that starts an OAuth login at the IdP. This will be provided by the IdP.
token_url
string
required
The location of the URL that issues OAuth2.0 access tokens and OIDC ID tokens. This will be provided by the IdP.
userinfo_url
string
required
The location of the IdP’s UserInfo Endpoint. This will be provided by the IdP.
jwks_url
string
required
The location of the IdP’s JSON Web Key Set, used to verify credentials issued by the IdP. This will be provided by the IdP.

Response

connection
object
The OIDC Connection object updated by this API call.
request_id
string
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
status_code
number
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.