# Manage authentication providers

This documentation explains how to configure your own providers to authenticate end-users in the Consents API. This section shows how to create a new provider, set it as the default provider for your organization, and use one or multiple providers in your widgets.

[Manage authentication providers](#manage-authentication-providers)

[Manage authentication within a widget](#manage-authentication-within-a-widget)

## Manage authentication providers

### Create a provider

A default provider of type `otp` is attached your organization (*except if you have subscribed to Didomi before the 4th of July 2023*).

It will allow our system to send an email to your end-user when he authenticates from a widget or to the Didomi API through the `/auth/initiate` endpoint.

You can also create an Magic Link provider in order to provide a one-step less journey to your end-users. Note that this method includes a token in a link and might be less secured than the One-Time Password workflow.

#### Create an One-Time Password provider

To create an One-Time Password provider, you can send a POST request to `/auth-providers`. You need to specify the following values.

```json
POST https://api.didomi.io/auth-providers

{
    "type": "otp",
    "organization_id": "YOUR_ORGANIZATION_ID",
    // To set as default provider of the organization
    "is_default": true
}
```

#### Create a Magic Link provider

To create a Magic Link provider, you can send a POST request to `/auth-providers`. You need to specify the following values.

```json
POST https://api.didomi.io/auth-providers

{
    "type": "message",
    "organization_id": "YOUR_ORGANIZATION_ID"
    // To set as default provider of the organization
    "is_default": true    
}
```

### Set a default provider

A dedicated property `is_default` could be set within auth provider’s payload to mark the selected auth provider as a default one.

To set a provider as your default provider, you can send a PATCH request to `/auth-providers/id`.

You need to set the `is_default` property to `true` and specify the `type` of your provider which can be either `otp` or `message`.

```json
PATCH https://api.didomi.io/auth-providers/{id}

{
    "type": "otp",
    "is_default": true
}
```

*If you have already one default provider and you create a new one with `is_default` set to `true`, then the other provider will be switched to false automatically.*

## Manage authentication within a widget

Authentication configuration is available at widget level. When you create a widget, depending on the template used, a authentication configuration is set. To edit the authentication configuration, you need to send a PATCH request on `/widgets/{id}` endpoint.

| Property                 | Type    | Description                                                                                                                                                              |
| ------------------------ | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `method`                 | String  | Method used by the widget to authenticate the end-user. Options available are `email` and `null`.                                                                        |
| `componentOptions`       | Object  | Options to configure the Login component.                                                                                                                                |
| `hideIfNotAuthenticated` | Boolean | Hide the widget when the end-user is not authenticated. (Prevents from displaying an empty widget when authentication is not processed)                                  |
| `providerId`             | String  | In case of multiple authentication provider, to use a different provider than the default provider, set the `providerId` of the authentication provider you want to use. |

{% hint style="warning" %}
Be careful when you are editing the `auth` property. This is a JSONB and by design, you need to fill in every property already added every time you edit this object.
{% endhint %}

```json
PATCH https://api.didomi.io/widgets/{id}?organization_id=YOUR_ORG_ID

{
    "auth": {
        "method": "email",
        "componentOptions": {},
        "hideIfNotAuthenticated": false,
        "providerId": "PROVIDER_ID"
    }
}
```

Note that if you choose to set the method to `null`, you have to support authentication on your side. To do so, please follow our dedicated [documentation](/api-and-platform/widgets/privacy-widgets/deploy-a-widget/implement-an-embeddable-widget-on-your-website.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developers.didomi.io/api-and-platform/widgets/privacy-widgets/authentication/manage-authentication-providers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.