--- title: Set an OIDC Identity Provider to Call a DaVinci Flow description: Create a new OIDC external identity provider using the POST {{apiPath}}/v1/environments/{{destinationEnvID}}/identityProviders request. component: pingone-api page_id: pingone-api:auth:pingone-davinci/davinci-runtime-apis/pingflows-idp/set-oidc-idp canonical_url: https://developer.pingidentity.com/pingone-api/auth/pingone-davinci/davinci-runtime-apis/pingflows-idp/set-oidc-idp.html section_ids: headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Set an OIDC Identity Provider to Call a DaVinci Flow ## ```none POST {{apiPath}}/v1/environments/{{envID}}/identityProviders ``` Create a new OIDC external identity provider using the `POST {{apiPath}}/v1/environments/{{destinationEnvID}}/identityProviders` request. * In the request body, the following properties must be set: * The `name` property value must be unique to the environment. * The `clientId` specifies the ID of the DaVinci application you created in DaVinci. * The `clientSecret` specifies the DaVinci application's client secret key. * The `discoveryEndpoint` in the request body is the DaVinci discovery endpoint URL. * The `authorizationEndpoint` is the DaVinci authorize endpoint that includes the DaVinci flow policy ID in the URL. * The `tokenEndpoint` is the DaVinci token endpoint. See the example request body for the other DaVinci properties. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | In this example, the request body to create the OIDC external identity provider includes a registration object that requires a population ID. If you do not have a test population in your environment, refer to [Create Populations](../../../../platform/populations.html) in the *PingOne API Reference* to create one. | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration":{ "population":{ "id":"{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": ["openid", "profile"], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod":"NONE" } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/identityProviders' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration":{ "population":{ "id":"{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": ["openid", "profile"], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod":"NONE" }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/identityProviders") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""description"": ""PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.""," + "\n" + @" ""enabled"": true," + "\n" + @" ""name"": ""PingOne_DaVinci""," + "\n" + @" ""type"": ""OPENID_CONNECT""," + "\n" + @" ""clientId"": ""{{davinciAppID}}""," + "\n" + @" ""clientSecret"": ""{{davinciAppClientSecret}}""," + "\n" + @" ""registration"":{" + "\n" + @" ""population"":{" + "\n" + @" ""id"":""{{populationID}}""" + "\n" + @" }" + "\n" + @" }," + "\n" + @" ""authorizationEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize""," + "\n" + @" ""tokenEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/token""," + "\n" + @" ""userInfoEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/userinfo""," + "\n" + @" ""jwksEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/jwks""," + "\n" + @" ""issuer"": ""https://auth.pingone.com/{{envID}}/davinci""," + "\n" + @" ""scopes"": [""openid"", ""profile""]," + "\n" + @" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" + @" ""discoveryEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration""," + "\n" + @" ""pkceMethod"":""NONE""" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/identityProviders" method := "POST" payload := strings.NewReader(`{ "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration":{ "population":{ "id":"{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": ["openid", "profile"], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod":"NONE" }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/identityProviders HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration":{ "population":{ "id":"{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": ["openid", "profile"], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod":"NONE" } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"description\": \"PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.\",\n \"enabled\": true,\n \"name\": \"PingOne_DaVinci\",\n \"type\": \"OPENID_CONNECT\",\n \"clientId\": \"{{davinciAppID}}\",\n \"clientSecret\": \"{{davinciAppClientSecret}}\",\n \"registration\":{\n \"population\":{\n \"id\":\"{{populationID}}\"\n }\n },\n \"authorizationEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize\",\n \"tokenEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/token\",\n \"userInfoEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/userinfo\",\n \"jwksEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/jwks\",\n \"issuer\": \"https://auth.pingone.com/{{envID}}/davinci\",\n \"scopes\": [\"openid\", \"profile\"],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"discoveryEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration\",\n \"pkceMethod\":\"NONE\"\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/identityProviders") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/identityProviders", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration": { "population": { "id": "{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": [ "openid", "profile" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod": "NONE" }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/identityProviders', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration": { "population": { "id": "{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": [ "openid", "profile" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod": "NONE" }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/identityProviders" payload = json.dumps({ "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": True, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration": { "population": { "id": "{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": [ "openid", "profile" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod": "NONE" }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/identityProviders'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",\n "enabled": true,\n "name": "PingOne_DaVinci",\n "type": "OPENID_CONNECT",\n "clientId": "{{davinciAppID}}",\n "clientSecret": "{{davinciAppClientSecret}}",\n "registration":{\n "population":{\n "id":"{{populationID}}"\n }\n },\n "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",\n "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",\n "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",\n "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",\n "issuer": "https://auth.pingone.com/{{envID}}/davinci",\n "scopes": ["openid", "profile"],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",\n "pkceMethod":"NONE"\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/identityProviders") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "name": "PingOne_DaVinci", "type": "OPENID_CONNECT", "clientId": "{{davinciAppID}}", "clientSecret": "{{davinciAppClientSecret}}", "registration": { "population": { "id": "{{populationID}}" } }, "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize", "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token", "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo", "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks", "issuer": "https://auth.pingone.com/{{envID}}/davinci", "scopes": [ "openid", "profile" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration", "pkceMethod": "NONE" }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"description\": \"PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.\",\n \"enabled\": true,\n \"name\": \"PingOne_DaVinci\",\n \"type\": \"OPENID_CONNECT\",\n \"clientId\": \"{{davinciAppID}}\",\n \"clientSecret\": \"{{davinciAppClientSecret}}\",\n \"registration\":{\n \"population\":{\n \"id\":\"{{populationID}}\"\n }\n },\n \"authorizationEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize\",\n \"tokenEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/token\",\n \"userInfoEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/userinfo\",\n \"jwksEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/jwks\",\n \"issuer\": \"https://auth.pingone.com/{{envID}}/davinci\",\n \"scopes\": [\"openid\", \"profile\"],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"discoveryEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration\",\n \"pkceMethod\":\"NONE\"\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/identityProviders")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/1525ce95-e070-4e37-aa6e-dca1a715ffb7" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "attributes": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/1525ce95-e070-4e37-aa6e-dca1a715ffb7/attributes" } }, "id": "1525ce95-e070-4e37-aa6e-dca1a715ffb7", "type": "OPENID_CONNECT", "name": "PingOne_DaVinci", "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.", "enabled": true, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "createdAt": "2025-10-22T22:15:39.125Z", "updatedAt": "2025-10-22T22:15:39.125Z", "tokenEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/token", "clientId": "ead0e6c01349d0653d33a1267ebb9c56", "jwksEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/jwks", "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "clientSecret": "a9e8e8b6cb0208f71c0f11d51155fd49e75aea4b3f5750b01469569a54c9a753", "discoveryEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/.well-known/openid-configuration", "scopes": [ "openid", "profile" ], "userInfoEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/userinfo", "authorizationEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/policy/814a0fa8fcf669a2eb96953a1b108a3/authorize", "issuer": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci", "pkceMethod": "NONE" } ```