Manage sessions and refresh access tokens for silent authentication and SSO across apps. These sessions apply to any of the authentication methods implemented using a backend-to-backend integration ('Backend Authentication').
Authenticates an existing session in order to obtain an access token without explicit user interaction. This enables silent authentication and single sign-on (SSO).
resource | string | Resource URI the authentication request is attempting to access, which is reflected in the audience (
claims | object | Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.
org_id | string | Organization ID, used for member login in B2B scenarios.
client_attributes | object | Client attributes.
session_id (required) | string | Authentication session ID returned by other backend methods.
Returns user tokens
{
  "resource": "string",
  "claims": {
    "id_token": {
      "roles": null
    }
  },
  "org_id": "string",
  "client_attributes": {
    "user_agent": "string",
    "ip_address": "string"
  },
  "session_id": "string"
}

{
  "access_token": "string",
  "id_token": "string",
  "refresh_token": "string",
  "token_type": "string",
  "expires_in": 3600,
  "session_id": "string"
}
Exchange the refresh token returned upon successful authentication for a new access token.
Returns user tokens
{
  "refresh_token": "string"
}

{
  "access_token": "string",
  "id_token": "string",
  "refresh_token": "string",
  "token_type": "string",
  "expires_in": 3600
}
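The following Python class is an added example, not part of the original API reference. It ties the session authentication and refresh operations above together on the backend: it builds the session request body, tracks `expires_in`, and always sends the most recently issued refresh token. The `post` transport and the operation names `authenticate_session` and `refresh` are placeholders (the page gives no endpoint paths), and the 60-second renewal margin is an assumption.

```python
import time
from typing import Callable, Optional

# Hypothetical transport: post(operation, body) -> parsed JSON response.
# Operation names are placeholders; the reference page lists no endpoint paths.
Transport = Callable[[str, dict], dict]


class SessionTokens:
    """Holds the tokens of one session and renews them shortly before expiry."""

    def __init__(self, post: Transport, session_id: str, skew: int = 60,
                 clock: Callable[[], float] = time.time):
        self._post, self._clock, self._skew = post, clock, skew
        self.session_id = session_id
        self._access: Optional[str] = None
        self._refresh: Optional[str] = None
        self._expires_at = 0.0

    def _store(self, resp: dict) -> None:
        self._access = resp["access_token"]
        # Keep the newest refresh token; fall back to the stored one if absent.
        self._refresh = resp.get("refresh_token") or self._refresh
        self._expires_at = self._clock() + int(resp["expires_in"])
        self.session_id = resp.get("session_id", self.session_id)

    def silent_login(self, user_agent: str, ip_address: str,
                     resource: Optional[str] = None,
                     org_id: Optional[str] = None) -> None:
        """Authenticate the existing session; optional fields are sent only if set."""
        body = {"session_id": self.session_id,
                "client_attributes": {"user_agent": user_agent,
                                      "ip_address": ip_address}}
        if resource:
            body["resource"] = resource
        if org_id:
            body["org_id"] = org_id
        self._store(self._post("authenticate_session", body))

    def access_token(self) -> str:
        """Return a valid access token, refreshing inside the skew window."""
        if self._access is None:
            raise RuntimeError("call silent_login() first")
        if self._clock() >= self._expires_at - self._skew:
            self._store(self._post("refresh", {"refresh_token": self._refresh}))
        return self._access
```
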
Retrieves all active sessions for a specified user.
[
  {
    "session_id": "string",
    "start_time": "2019-08-24T14:15:22Z",
    "expiration_time": "2019-08-24T14:15:22Z"
  }
]