# Creates a new SSO provider

Endpoint: POST /v1/sso/custom

Version: V1

Security: authorization_code_with_pkce, client_credentials

## Request fields (application/json):

- `scheme` (string, required)
  The scheme name for the provider

- `displayName` (string, required)
  The display name of the provider

- `enabled` (boolean, required)
  Whether or not the provider is enabled

- `type` (string, required)
  The type of identity provider
  Enum: "oidc"

- `properties` (object, required)
  The properties that define the behavior of this provider, dependent on which provider is used; see the JSON schemas for more details

- `properties.loginEnabled` (boolean, required)
  Whether users can log in via this provider.
  Example: true

- `properties.visible` (boolean, required)
  Whether this provider is shown on the login page.
  Example: true

- `properties.delegationEnabled` (boolean, required)
  Whether delegation is permitted via this provider.

- `properties.autoProvisioningEnabled` (boolean, required)
  Whether users are automatically provisioned on first login via this provider.
  Example: true

- `properties.clientId` (string, required)
  The OAuth 2.0 client ID registered with the identity provider.
  Example: "my-client-id"

- `properties.clientSecret` (string,null)
  The OAuth 2.0 client secret. Leave null for public clients using PKCE.
  Example: "my-client-secret"

- `properties.verifyEnabled` (boolean, required)
  Whether this provider can be used to verify the user in a higher level of assurance.

- `properties.responseType` (string, required)
  The OAuth 2.0 response type to request from the provider.
  Enum: "id_token", "code", "token", "none"

- `properties.nameClaimType` (string, required)
  The claim type used to extract the user's name.
  Example: "name"

- `properties.emailClaimType` (string, required)
  The claim type used to extract the user's email.
  Example: "email"

- `properties.phoneNumberClaimType` (string, required)
  The claim type used to extract the user's phone number.
  Example: "phone"

- `properties.subjectClaimType` (string, required)
  The claim type used as the subject identifier.
  Example: "sub"

- `properties.authority` (string, required)
  The OIDC authority URL of the custom provider.
  Example: "https://your-idp.example.com"

- `properties.scope` (string, required)
  The OAuth 2.0 scopes to request (space-separated).
  Example: "openid profile email"

- `properties.getClaimsFromUserInfoEndpoint` (boolean, required)
  Whether to fetch additional claims from the userinfo endpoint after authentication.

- `properties.usePkce` (boolean, required)
  Whether to use PKCE for the authorization code flow.

## Response 201 fields (application/json):

- `rel` (string, required)
  The link relation type (e.g. self, update, delete).
  Example: "self"

- `href` (string,null)
  The URL of the related action.
  Example: "/v0/sso/custom/1"

- `method` (object, required)
  The HTTP method to use when calling this link.
  Example: "GET"

- `method.method` (string, required)

## Response 401 fields

## Response 403 fields
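
An added example, not part of the original API reference: a pre-flight check that validates a request body against the required fields listed under "Request fields" and flags flow settings worth reviewing before the provider is created. The warning rules, the names `lint_provider` and `sample_body`, and the sample values for `scheme`, `displayName`, `delegationEnabled`, `verifyEnabled` and `getClaimsFromUserInfoEndpoint` are assumptions of this example; the remaining values are the page's own examples.

```python
# Added example: lint a POST /v1/sso/custom body; warnings are this example's own policy.
REQUIRED_TOP = ("scheme", "displayName", "enabled", "type", "properties")
REQUIRED_PROPS = (
    "loginEnabled", "visible", "delegationEnabled", "autoProvisioningEnabled",
    "clientId", "verifyEnabled", "responseType", "nameClaimType",
    "emailClaimType", "phoneNumberClaimType", "subjectClaimType", "authority",
    "scope", "getClaimsFromUserInfoEndpoint", "usePkce",
)
RESPONSE_TYPES = ("id_token", "code", "token", "none")

def lint_provider(body):
    """Return (errors, warnings) for a provider definition dict."""
    props = body.get("properties") or {}
    errors = [f"missing {k}" for k in REQUIRED_TOP if k not in body]
    errors += [f"missing properties.{k}" for k in REQUIRED_PROPS if k not in props]
    if "type" in body and body["type"] != "oidc":
        errors.append("type must be 'oidc'")
    rtype = props.get("responseType")
    if rtype is not None and rtype not in RESPONSE_TYPES:
        errors.append(f"responseType {rtype!r} not in enum")
    warnings = []
    if rtype in ("id_token", "token"):
        warnings.append("tokens returned via the browser; prefer responseType 'code'")
    if rtype == "code" and not props.get("usePkce"):
        warnings.append("authorization code flow without PKCE")
    if props.get("clientSecret") is None and not props.get("usePkce"):
        warnings.append("public client (null clientSecret) without PKCE")
    if not str(props.get("authority", "")).startswith("https://"):
        warnings.append("authority is not an https:// URL")
    if "openid" not in str(props.get("scope", "")).split():
        warnings.append("scope lacks 'openid'")
    return errors, warnings

def sample_body(**prop_overrides):
    """Constructed request body: a public client using code flow with PKCE."""
    props = {
        "loginEnabled": True, "visible": True, "delegationEnabled": False,
        "autoProvisioningEnabled": True, "clientId": "my-client-id",
        "clientSecret": None, "verifyEnabled": False, "responseType": "code",
        "nameClaimType": "name", "emailClaimType": "email",
        "phoneNumberClaimType": "phone", "subjectClaimType": "sub",
        "authority": "https://your-idp.example.com", "scope": "openid profile email",
        "getClaimsFromUserInfoEndpoint": True, "usePkce": True,
    }
    props.update(prop_overrides)
    return {"scheme": "example-idp", "displayName": "Example IdP",
            "enabled": True, "type": "oidc", "properties": props}

if __name__ == "__main__":
    print(lint_provider(sample_body(responseType="token", usePkce=False)))
```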