Reference / OIDC SSO

Validates the flow, exchanges the code (PKCE), verifies the id_token, and issues a session. Clears the flow cookie on success.

GET /v1/auth/oidc/{application_id}/{connection_id}/callback
End-user session operationId: callback

Authorization

Called from the browser with the publishable application id (x-application-id); the access token lives in memory.

Path parameters

  • application_id string<uuid> required

    Application id

  • connection_id string<uuid> required

    Connection id

Responses

200 Session issued
{
  "data": {
    "aal": 0,
    "access_token": "string",
    "expires_in": 0,
    "refresh_token": "string",
    "session_id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
    "token_type": "string"
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
401 Auth failed

Request

curl -X GET "http://localhost:8080/v1/auth/oidc/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/callback"
