The OIDC Auth provider configuration interface. An OIDC provider can be created via createProviderConfig().




clientId: string

This is the required client ID used to confirm the audience of an OIDC provider's ID token.


displayName: string

The user-friendly display name of the current configuration. This name is also used as the provider label in the Cloud Console.


enabled: boolean

Whether the provider configuration is enabled or disabled. A user cannot sign in using a disabled provider.


issuer: string

This is the required provider issuer used to match the provider issuer of the ID token and to determine the corresponding OIDC discovery document, e.g. `/.well-known/openid-configuration`. This is needed for the following:

  • To verify the provided issuer.
  • To determine the authentication/authorization endpoint during the OAuth `id_token` authentication flow.
  • To retrieve the public signing keys via `jwks_uri` to verify the OIDC provider's ID token's signature.
  • To determine the `claims_supported` to construct the user attributes to be returned in the additional user info response.
ID token validation will be performed as defined in the [spec](


providerId: string

The provider ID defined by the developer. For a SAML provider, this is always prefixed by `saml.`. For an OIDC provider, this is always prefixed by `oidc.`.
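
The following added example (not part of the SDK or of the original reference) shows how the fields above relate to each other: a pre-flight check on a config object before it is passed to createProviderConfig(), and the issuer and audience checks applied to an ID token payload. The function names, the sample values, and the https requirement on the issuer are assumptions of this sketch; signature verification against the `jwks_uri` keys is assumed to have happened already.

```javascript
// Added example: checks mirroring the fields of an OIDC provider configuration.
// Function names are hypothetical; this is not the Admin SDK's implementation.

// Derive the discovery document URL from the configured issuer.
function discoveryUrl(issuer) {
  if (typeof issuer !== 'string') throw new Error('issuer is required');
  const u = new URL(issuer); // throws on a malformed issuer
  if (u.protocol !== 'https:') throw new Error('issuer must use https'); // assumption
  if (u.search || u.hash) throw new Error('issuer must not carry a query or fragment');
  return issuer.replace(/\/+$/, '') + '/.well-known/openid-configuration';
}

// Pre-flight validation of a config object; returns a list of problems.
function configErrors(cfg) {
  const errors = [];
  if (typeof cfg.providerId !== 'string' || !/^oidc\..+/.test(cfg.providerId))
    errors.push('providerId must start with "oidc."');
  if (typeof cfg.clientId !== 'string' || cfg.clientId === '')
    errors.push('clientId is required');
  try { discoveryUrl(cfg.issuer); } catch (e) { errors.push('issuer: ' + e.message); }
  return errors;
}

// Claim checks on an ID token payload whose signature was already verified.
function claimErrors(cfg, discoveryDoc, claims, nowSec) {
  const errors = [];
  if (!cfg.enabled) errors.push('provider is disabled');
  // The discovery document must describe the issuer that was configured.
  if (discoveryDoc.issuer !== cfg.issuer) errors.push('discovery issuer mismatch');
  // Exact string match: no normalisation, no prefix match.
  if (claims.iss !== cfg.issuer) errors.push('iss mismatch');
  // aud may be a string or an array; clientId must be among its values.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(cfg.clientId)) errors.push('aud does not contain clientId');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) errors.push('token expired');
  return errors;
}

// Constructed sample values, not taken from any real deployment.
const sampleConfig = {
  providerId: 'oidc.example', displayName: 'Example IdP', enabled: true,
  clientId: 'client-123', issuer: 'https://idp.example.com',
};
const sampleDoc = { issuer: 'https://idp.example.com', jwks_uri: 'https://idp.example.com/keys' };
const sampleClaims = { iss: 'https://idp.example.com', aud: 'client-123', exp: 2000 };
```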