The Update OIDC Connection method wraps the Update OIDC Connection API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to update OIDC connections in other Organizations.
When the value of issuer changes, Stytch will attempt to retrieve the OpenID Provider Metadata document found at ${issuer}/.well-known/openid-configuration. If the metadata document can be retrieved successfully, Stytch will use it to infer the values of authorization_url, token_url, jwks_url, and userinfo_url. The client_id and client_secret values cannot be inferred from the metadata document, and must be passed in explicitly.
If the metadata document cannot be retrieved, Stytch will still update the connection using values from the request body.
If the metadata document can be retrieved, and values are passed in the request body, the explicit values passed in from the request body will take precedence over the values inferred from the metadata document.
Note that a newly created connection will not become active until all of the following fields are provided:
- issuer
- client_id
- client_secret
- authorization_url
- token_url
- userinfo_url
- jwks_url
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the update action on the stytch.sso Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.