Skip to main content

Add Apple Identity Provider​

Add Apple Identity Provider

Request Body required
    name Apple will be used as default, if no name is provided

    Possible values: <= 200 characters

    Apple will be used as default, if no name is provided

    clientId string required

    Possible values: non-empty and <= 200 characters

    Client id (App ID or Service ID) provided by Apple

    teamId string required

    Possible values: >= 10 characters and <= 10 characters

    (10-character) Team ID provided by Apple

    keyId string required

    Possible values: >= 10 characters and <= 10 characters

    (10-character) ID of the private key generated by Apple

    privateKey byte required

    Possible values: non-empty and <= 5000 characters

    Private Key generated by Apple

    scopes string[]

    Possible values: <= 20

    The scopes requested by ZITADEL during the request to Apple

    providerOptions object
    isLinkingAllowed boolean

    Enable if users should be able to link an existing ZITADEL user with an external account.

    isCreationAllowed boolean

    Enable if users should be able to create a new account in ZITADEL when using an external account.

    isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when login with an external account.

    isAutoUpdate boolean

    Enable if a the ZITADEL account fields should be updated automatically on each login.

    autoLinking string

    Possible values: [AUTO_LINKING_OPTION_UNSPECIFIED, AUTO_LINKING_OPTION_USERNAME, AUTO_LINKING_OPTION_EMAIL]

    Default value: AUTO_LINKING_OPTION_UNSPECIFIED

    Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.

Responses

A successful response.

Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to
    id string
POST /idps/apple

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN/admin/v1
Bearer Token
Content-Type
Body required
{

  "name": "Apple",

  "clientId": "client-id",

  "teamId": "ALT03JV3OS",

  "keyId": "OGKDK25KD",

  "privateKey": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1...",

  "scopes": [

    "name",

    "email"

  ],

  "providerOptions": {

    "isLinkingAllowed": true,

    "isCreationAllowed": true,

    "isAutoCreation": true,

    "isAutoUpdate": true,

    "autoLinking": "AUTO_LINKING_OPTION_UNSPECIFIED"

  }

}
Accept
curl / cURL
curl -L -X POST 'https://$CUSTOM-DOMAIN/admin/v1/idps/apple' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Apple",
  "clientId": "client-id",
  "teamId": "ALT03JV3OS",
  "keyId": "OGKDK25KD",
  "privateKey": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1...",
  "scopes": [
    "name",
    "email"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true,
    "autoLinking": "AUTO_LINKING_OPTION_UNSPECIFIED"
  }
}'