Create Oauth Provider

POST

/settings/oauth-providers/

const url = 'https://example.com/api/settings/oauth-providers/';
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: '{"slug":"example","display_name":"example","provider_type":"google","client_id":"example","client_secret":"example","discovery_url":"example","authorize_url":"example","token_url":"example","userinfo_url":"example","scopes":"openid profile email","default_role":"viewer","group_claim":"example","group_role_mapping":{},"enabled":true}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url https://example.com/api/settings/oauth-providers/ \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{ "slug": "example", "display_name": "example", "provider_type": "google", "client_id": "example", "client_secret": "example", "discovery_url": "example", "authorize_url": "example", "token_url": "example", "userinfo_url": "example", "scopes": "openid profile email", "default_role": "viewer", "group_claim": "example", "group_role_mapping": {}, "enabled": true }'

Create a new OAuth provider (admin only).

Authorizations

OAuth2PasswordBearer

Request Body^required

application/json

OAuthProviderCreate

Schema for creating a new OAuth provider.

object

slug

required

Slug

URL-safe identifier used in callback URLs (e.g. ‘google’, ‘azure-ad’). Lowercase, digits, and hyphens only.

string

>= 1 characters <= 50 characters /^[a-z0-9-]+$/

display_name

required

Display Name

Human-readable label shown on the login page button.

string

>= 1 characters <= 100 characters

provider_type

required

Provider Type

OAuth provider type. ‘google’ and ‘microsoft’ auto-populate the discovery URL; ‘oidc’ is generic.

string

Allowed values: google microsoft oidc

client_id

required

Client Id

OAuth client ID issued by the IdP.

string

>= 1 characters <= 500 characters

client_secret

required

Client Secret

OAuth client secret issued by the IdP. Stored encrypted; never returned in responses.

string

>= 1 characters <= 1000 characters

discovery_url

Any of:

string
null

string

<= 512 characters

authorize_url

Any of:

string
null

string

<= 512 characters

token_url

Any of:

string
null

string

<= 512 characters

userinfo_url

Any of:

string
null

string

<= 512 characters

scopes

Scopes

Space-separated OAuth scopes.

string

default: openid profile email <= 500 characters

default_role

Default Role

Role assigned to new users created via this provider: ‘viewer’, ‘editor’, or ‘admin’.

string

default: viewer <= 50 characters

group_claim

Any of:

string
null

string

<= 100 characters

group_role_mapping

Any of:

object
null

object

key

additional properties

any

enabled

Enabled

Whether the provider button appears on the login page.

boolean

default: true

Responses

201

Successful Response

application/json

OAuthProviderResponse

Response schema for OAuth provider. Never exposes client_secret.

object

required

Unique provider identifier.

string format: uuid

slug

required

Slug

URL-safe identifier used in the callback URL.

string

display_name

required

Display Name

Label shown on the login page button.

string

provider_type

required

Provider Type

Provider type: ‘google’, ‘microsoft’, or ‘oidc’.

string

client_id

required

Client Id

OAuth client ID. Visible to admins; never exposes client_secret.

string

discovery_url

Any of:

string
null

string

authorize_url

Any of:

string
null

string

token_url

Any of:

string
null

string

userinfo_url

Any of:

string
null

string

scopes

required

Scopes

Space-separated OAuth scopes.

string

default_role

required

Default Role

Default role assigned to new users.

string

group_claim

Any of:

string
null

string

group_role_mapping

Any of:

object
null

object

key

additional properties

any

enabled

required

Enabled

Whether the provider button appears on the login page.

boolean

created_at

required

Created At

Timestamp the provider was created.

string format: date-time

updated_at

required

Updated At

Timestamp the provider was last updated.

string format: date-time

Example ^generated

{
  "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
  "slug": "example",
  "display_name": "example",
  "provider_type": "example",
  "client_id": "example",
  "discovery_url": "example",
  "authorize_url": "example",
  "token_url": "example",
  "userinfo_url": "example",
  "scopes": "example",
  "default_role": "example",
  "group_claim": "example",
  "group_role_mapping": {},
  "enabled": true,
  "created_at": "2026-04-15T12:00:00Z",
  "updated_at": "2026-04-15T12:00:00Z"
}

422

Validation Error

application/json

HTTPValidationError

object

detail

Detail

Array<object>

ValidationError

object

loc

required

Location

Array

msg

required

Message

string

type

required

Error Type

string

input

Input

ctx

Context

object

Example ^generated

{
  "detail": [
    {
      "loc": [
        "example"
      ],
      "msg": "example",
      "type": "example",
      "input": "example",
      "ctx": {}
    }
  ]
}

Create Oauth Provider

Authorizations

Request Body required

Responses

201

Example generated

422

Example generated

Request Body^required

Example ^generated

Example ^generated