LoginOAuth
Allows login using an OAuth2 provider. Currently supported providers are Google, Facebook, LinkedIn and Apple. Depending on the provider, login is done with an OAuth2 access token, an ID token, or an authorization code with an optional redirect URI. On success, this API call returns a JWT access token that can be used to access protected resources, together with a refresh token.
URLs:
/v1/auth/login/google
/v1/auth/login/apple
/v1/auth/login/facebook
/v1/auth/login/linkedit
Method: POST
Path Parameters: None
Query Parameters: None
Headers:
Content-Type: application/json
Accept: application/json
g-recaptcha-platform: {Web|Android|iOS}
g-recaptcha-token: {reCAPTCHA Token for "login_google", "login_apple", "login_facebook" or "login_linkedit" action}
Content:
Field | Type | Description | Requirement Type |
---|---|---|---|
accessToken | string | OAuth2 access token (hex-string encoded). Currently not supported for Apple. | Required only if idToken and code not specified. |
idToken | string | OAuth2 ID token (hex-string encoded). Currently only supported for Apple. | Required only if accessToken and code not specified. |
code | string | OAuth2 authorization code (hex-string encoded). | Required only if accessToken and idToken not specified. |
redirectUri | string | OAuth2 redirection URI. | Required only if accessToken and idToken not specified. Some mobile clients don't require it (check Client SDK documentation). |
clientPlatform | string | Client platform type. Valid values are: `Web`, `Android` and `IOS`. Defaults to `Web` if missing. | Optional |
Content example (using OAuth2 access token):

```json
{
  "accessToken": "93144b288eb1fdccbe46d6fc0f241a51766ecd3d"
}
```

Content example (using OAuth2 ID token):

```json
{
  "idToken": "5677b288eb1fdccbe46d6fc0f241a51766sht3"
}
```

Content example (using OAuth2 authorization code & redirect URI):

```json
{
  "code": "46d6fc0f293144b288eb1fdccbe41a51766ecd3d",
  "redirectUri": "https://somehost.com:3000/facebook"
}
```
Code: 200 OK
Headers:
Content-Type: application/json
Content:
Field | Type | Description | Condition |
---|---|---|---|
accessToken | string | JWT token usable to access protected resources. | Always |
refreshToken | string | JWT token usable one-time only to refresh an expired `accessToken`. | Always |
Content example:

```json
{
  "accessToken": "93144b288eb1fdccbe46d6fc0f241a51766ecd3d",
  "refreshToken": "6d6fc0f241a51766ecd3d93144b288eb1fdccbe4"
}
```
Code: 400 BAD REQUEST
Condition: If missing `accessToken`, `idToken` and `code`.
Headers:
Content-Type: application/json
Content example:

```json
{
  "code": 400,
  "description": "Bad Request",
  "cause": "missing code"
}
```
Code: 401 UNAUTHORIZED
Condition: If any of `accessToken`, `idToken` or `code` is invalid or expired.
Headers:
Content-Type: application/json
Content example:

```json
{
  "code": 401,
  "description": "Unauthorized",
  "cause": "Verification failed: accessToken is expired"
}
```
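
A client-side pre-flight check for the request rules documented above, written here as an added example and not taken from this project's code. The function names and the returned cause strings are hypothetical (they are not the server's messages), and the `redirectUri` shape check follows RFC 6749 section 3.1.2 rather than anything stated on this page.

```python
import json
from urllib.parse import urlsplit

# Provider path segments and body field names are copied from this page.
PROVIDERS = {"google", "apple", "facebook", "linkedit"}
PLATFORMS = {"Web", "Android", "IOS"}  # clientPlatform values from the table
CREDENTIAL_FIELDS = ("accessToken", "idToken", "code")

def validate_login_body(provider, body):
    """Return None if body meets the documented rules, else a cause string."""
    if provider not in PROVIDERS:
        return "unknown provider"
    present = [f for f in CREDENTIAL_FIELDS if body.get(f)]
    if not present:
        # This is the documented 400 BAD REQUEST condition.
        return "missing accessToken, idToken and code"
    if "accessToken" in present and provider == "apple":
        return "accessToken not supported for apple"
    if "idToken" in present and provider != "apple":
        return "idToken only supported for apple"
    if body.get("clientPlatform", "Web") not in PLATFORMS:
        return "invalid clientPlatform"
    uri = body.get("redirectUri")
    if uri is not None:
        parts = urlsplit(uri)
        # RFC 6749 section 3.1.2: absolute URI, no fragment component.
        if not parts.scheme or not parts.netloc or parts.fragment:
            return "redirectUri must be an absolute URI without a fragment"
    return None

def build_login_request(provider, body, recaptcha_token, platform="Web"):
    """Return (path, headers, json_payload); raise ValueError before any I/O."""
    cause = validate_login_body(provider, body)
    if cause:
        raise ValueError(cause)
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "g-recaptcha-platform": platform,
        # Token must have been issued for the action "login_<provider>".
        "g-recaptcha-token": recaptcha_token,
    }
    return f"/v1/auth/login/{provider}", headers, json.dumps(body)
```

Rejecting a malformed body locally avoids spending a reCAPTCHA token on a request the server would answer with 400; the 401 conditions can only be decided by the server.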