
# Identity Provider

> Manage OIDC identity providers for Express API authentication, including creating, updating, retrieving, and deleting provider configurations.

## Overview

Identity providers are essential for Express API authentication. They define how users authenticate and provide the necessary configuration for JWT token validation. Each provider includes an issuer, audience, and JWKS URI for secure token verification.

<Info>
  You must configure at least one identity provider before users can authenticate with your Express API application.
</Info>

## Create Identity Provider

Create a new identity provider configuration for your application.

```bash cURL icon="square-terminal" theme={null}
curl -X POST 'https://tee.express.magiclabs.com/v1/identity/provider' \
  -H 'Content-Type: application/json' \
  -H 'X-Magic-Secret-Key: your-magic-secret-key' \
  -d '{
    "issuer": "https://your-auth-provider.com",
    "audience": "your-app-audience",
    "jwks_uri": "https://your-auth-provider.com/.well-known/jwks.json"
  }'
```

**Response:**

```json theme={null}
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "issuer": "https://your-auth-provider.com",
  "audience": "your-app-audience",
  "jwks_uri": "https://your-auth-provider.com/.well-known/jwks.json"
}
```

### Request Parameters

<ParamField body="issuer" type="string" required post={["Body"]}>
  The issuer identifier for your OIDC provider. This should match the `iss` claim in JWT tokens.
</ParamField>

<ParamField body="audience" type="string" required post={["Body"]}>
  The audience identifier for your application. This should match the `aud` claim in JWT tokens.
</ParamField>

<ParamField body="jwks_uri" type="string" required post={["Body"]}>
  The JSON Web Key Set URI where Magic can fetch public keys for JWT verification.
</ParamField>
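
Before registering a provider, a sample token from that provider can be compared against the planned `issuer`, `audience` and `jwks_uri` values. The following is an added example, not part of Magic's documentation or API; `preflight` and its helpers are hypothetical, and the token and JWKS are constructed sample data.

```python
import base64
import json
from urllib.parse import urlsplit

def _decode(segment):
    """Decode one base64url JWT segment (padding restored) to a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def _encode(obj):
    """Build a base64url segment; used only for the constructed sample."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def preflight(token, provider, jwks):
    """List mismatches between a sample token and a provider config.
    Claims are read WITHOUT signature verification: a configuration check only.
    """
    header_seg, payload_seg, _signature = token.split(".")
    header, claims = _decode(header_seg), _decode(payload_seg)
    problems = []
    # OIDC compares iss as an exact string, so a trailing "/" matters.
    if claims.get("iss") != provider["issuer"]:
        problems.append(f"iss {claims.get('iss')!r} != issuer {provider['issuer']!r}")
    # aud may be one string or an array of strings (RFC 7519).
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if provider["audience"] not in audiences:
        problems.append(f"audience {provider['audience']!r} not in aud {audiences!r}")
    # Verification keys must be fetched over TLS.
    if urlsplit(provider["jwks_uri"]).scheme != "https":
        problems.append("jwks_uri is not https")
    # The token's key id must be published in the JWKS document.
    if header.get("kid") not in {k.get("kid") for k in jwks.get("keys", [])}:
        problems.append(f"kid {header.get('kid')!r} not in JWKS")
    return problems

# Constructed sample data: placeholder token and JWKS, not real credentials.
SAMPLE_TOKEN = ".".join([
    _encode({"alg": "RS256", "kid": "key-1"}),
    _encode({"iss": "https://your-domain.auth0.com/", "aud": ["https://your-api-identifier"]}),
    "signature-placeholder",
])
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "key-1"}]}
GOOD = {"issuer": "https://your-domain.auth0.com/", "audience": "https://your-api-identifier",
        "jwks_uri": "https://your-domain.auth0.com/.well-known/jwks.json"}
# Missing trailing slash and plain-http JWKS URI: two findings expected.
BAD = dict(GOOD, issuer="https://your-domain.auth0.com",
           jwks_uri="http://your-domain.auth0.com/.well-known/jwks.json")
print(preflight(SAMPLE_TOKEN, BAD, SAMPLE_JWKS))
```

An empty list means the sample token's `iss`, `aud` and `kid` line up with the configuration; it says nothing about whether the token's signature is valid.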

### Response Fields

<ResponseField name="id" type="string">
  Unique identifier for the created identity provider.
</ResponseField>

<ResponseField name="issuer" type="string">
  The issuer identifier returned from the request.
</ResponseField>

<ResponseField name="audience" type="string">
  The audience identifier returned from the request.
</ResponseField>

<ResponseField name="jwks_uri" type="string">
  The JWKS URI returned from the request.
</ResponseField>

## Get Identity Providers

Retrieve all configured identity providers for your application.

```bash cURL icon="square-terminal" theme={null}
curl -X GET 'https://tee.express.magiclabs.com/v1/identity/provider' \
  -H 'X-Magic-Secret-Key: your-magic-secret-key'
```

**Response:**

```json theme={null}
[
  {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "issuer": "https://your-auth-provider.com",
    "audience": "your-app-audience",
    "jwks_uri": "https://your-auth-provider.com/.well-known/jwks.json"
  }
]
```

### Response Fields

<ResponseField name="providers" type="array">
  Array of identity provider objects.

  <Expandable title="Provider object">
    <ResponseField name="id" type="string">
      Unique identifier for the identity provider.
    </ResponseField>

    <ResponseField name="issuer" type="string">
      The issuer identifier for the provider.
    </ResponseField>

    <ResponseField name="audience" type="string">
      The audience identifier for the provider.
    </ResponseField>

    <ResponseField name="jwks_uri" type="string">
      The JWKS URI for the provider.
    </ResponseField>
  </Expandable>
</ResponseField>

## Update Identity Provider

Update an existing identity provider configuration.

```bash cURL icon="square-terminal" theme={null}
curl -X PATCH 'https://tee.express.magiclabs.com/v1/identity/provider/{id}' \
  -H 'Content-Type: application/json' \
  -H 'X-Magic-Secret-Key: your-magic-secret-key' \
  -d '{
    "issuer": "https://updated-auth-provider.com",
    "audience": "updated-app-audience",
    "jwks_uri": "https://updated-auth-provider.com/.well-known/jwks.json"
  }'
```

**Response:**

```json theme={null}
{
  "id": "your-passed-in-id",
  "issuer": "https://updated-auth-provider.com",
  "audience": "updated-app-audience",
  "jwks_uri": "https://updated-auth-provider.com/.well-known/jwks.json"
}
```

### Request Parameters

<ParamField path="id" type="string" required post={["Path"]}>
  The unique identifier of the identity provider to update.
</ParamField>

<ParamField body="issuer" type="string" required post={["Body"]}>
  The updated issuer identifier for your OIDC provider.
</ParamField>

<ParamField body="audience" type="string" required post={["Body"]}>
  The updated audience identifier for your application.
</ParamField>

<ParamField body="jwks_uri" type="string" required post={["Body"]}>
  The updated JSON Web Key Set URI.
</ParamField>

### Response Fields

<ResponseField name="id" type="string">
  The identity provider ID (unchanged).
</ResponseField>

<ResponseField name="issuer" type="string">
  The updated issuer identifier.
</ResponseField>

<ResponseField name="audience" type="string">
  The updated audience identifier.
</ResponseField>

<ResponseField name="jwks_uri" type="string">
  The updated JWKS URI.
</ResponseField>

## Delete Identity Provider

Remove an identity provider configuration from your application.

```bash cURL icon="square-terminal" theme={null}
curl -X DELETE 'https://tee.express.magiclabs.com/v1/identity/provider/{id}' \
  -H 'X-Magic-Secret-Key: your-magic-secret-key'
```

**Response:**

```text theme={null}
No content (204 status code)
```

### Request Parameters

<ParamField path="id" type="string" required post={["Path"]}>
  The unique identifier of the identity provider to delete.
</ParamField>

<Warning>
  Deleting an identity provider will prevent users authenticated through that provider from accessing your Express API. Ensure you have alternative authentication methods configured before deletion.
</Warning>

## Common Use Cases

### Auth0 Integration

```json theme={null}
{
  "issuer": "https://your-domain.auth0.com/",
  "audience": "https://your-api-identifier",
  "jwks_uri": "https://your-domain.auth0.com/.well-known/jwks.json"
}
```

### Firebase Auth Integration

```json theme={null}
{
  "issuer": "https://securetoken.google.com/your-project-id",
  "audience": "your-project-id",
  "jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com"
}
```

### Custom OIDC Provider

```json theme={null}
{
  "issuer": "https://your-custom-provider.com",
  "audience": "your-app-client-id",
  "jwks_uri": "https://your-custom-provider.com/.well-known/jwks.json"
}
```
