Social Login


Log in users with social login providers such as Google Sign-In. This implements a backend-to-backend integration for authentication. Irrespective of the social login provider, the flow includes three steps: initiating a login, submitting the received code to Mosaic, and finally completing authentication with Mosaic.

Start login with Google

Starts the Google login flow. This call returns an authorization URL to redirect the user to.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
redirect_uri
required
string

The URI the identity provider will redirect the user to after authentication. Must match one of the pre-configured redirect URIs in the application's social login settings. This URI will receive the authorization code that can be exchanged for user information.

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Backend auth initialized successfully.

POST /v1/auth/social/google/start
Request samples
application/json
{}
Response samples
application/json
{}

Complete login with Google

Completes the Google social login flow and authenticates the user in Mosaic.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
resource
string

Resource URI the authentication request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as a resource for the application.

claims
object

Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.

org_id
string

Organization ID, used for member login in B2B scenarios

client_attributes
object

Client attributes

session_id
string

Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned.

transaction_id
required
string

The transaction identifier that was previously returned by the verification endpoint. This ID is required to associate this authentication request with the verified token information stored during the verification step.

user_id
required
string

An identifier of the user for whom the token is being requested

Responses
200

Returns user tokens

POST /v1/auth/social/google/authenticate
Request samples
application/json
{
  "resource": "string",
  "claims": {},
  "org_id": "string",
  "client_attributes": {},
  "session_id": "string",
  "transaction_id": "string",
  "user_id": "string"
}
Response samples
application/json
{
  "access_token": "string",
  "id_token": "string",
  "refresh_token": "string",
  "token_type": "string",
  "expires_in": 3600,
  "session_id": "string"
}

Start login with Facebook

Starts the Facebook login flow. This call returns an authorization URL to redirect the user to.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
redirect_uri
required
string

The URI the identity provider will redirect the user to after authentication. Must match one of the pre-configured redirect URIs in the application's social login settings. This URI will receive the authorization code that can be exchanged for user information.

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Backend auth initialized successfully.

POST /v1/auth/social/facebook/start
Request samples
application/json
{}
Response samples
application/json
{}

Complete login with Facebook

Completes the Facebook social login flow and authenticates the user in Mosaic.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
resource
string

Resource URI the authentication request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as a resource for the application.

claims
object

Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.

org_id
string

Organization ID, used for member login in B2B scenarios

client_attributes
object

Client attributes

session_id
string

Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned.

transaction_id
required
string

The transaction identifier that was previously returned by the verification endpoint. This ID is required to associate this authentication request with the verified token information stored during the verification step.

user_id
required
string

An identifier of the user for whom the token is being requested

Responses
200

Returns user tokens

POST /v1/auth/social/facebook/authenticate
Request samples
application/json
{
  "resource": "string",
  "claims": {},
  "org_id": "string",
  "client_attributes": {},
  "session_id": "string",
  "transaction_id": "string",
  "user_id": "string"
}
Response samples
application/json
{
  "access_token": "string",
  "id_token": "string",
  "refresh_token": "string",
  "token_type": "string",
  "expires_in": 3600,
  "session_id": "string"
}

Start login with Apple

Starts the Apple login flow. This call returns an authorization URL to redirect the user to.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
redirect_uri
required
string

The URI the identity provider will redirect the user to after authentication. Must match one of the pre-configured redirect URIs in the application's social login settings. This URI will receive the authorization code that can be exchanged for user information.

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Backend auth initialized successfully.

POST /v1/auth/social/apple/start
Request samples
application/json
{}
Response samples
application/json
{}

Complete login with Apple

Completes the Apple social login flow and authenticates the user in Mosaic.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
resource
string

Resource URI the authentication request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as a resource for the application.

claims
object

Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.

org_id
string

Organization ID, used for member login in B2B scenarios

client_attributes
object

Client attributes

session_id
string

Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned.

transaction_id
required
string

The transaction identifier that was previously returned by the verification endpoint. This ID is required to associate this authentication request with the verified token information stored during the verification step.

user_id
required
string

An identifier of the user for whom the token is being requested

Responses
200

Returns user tokens

POST /v1/auth/social/apple/authenticate
Request samples
application/json
{
  "resource": "string",
  "claims": {},
  "org_id": "string",
  "client_attributes": {},
  "session_id": "string",
  "transaction_id": "string",
  "user_id": "string"
}
Response samples
application/json
{
  "access_token": "string",
  "id_token": "string",
  "refresh_token": "string",
  "token_type": "string",
  "expires_in": 3600,
  "session_id": "string"
}

Start login with TikTok

Starts the TikTok login flow. This call returns an authorization URL to redirect the user to.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
redirect_uri
required
string

The URI the identity provider will redirect the user to after authentication. Must match one of the pre-configured redirect URIs in the application's social login settings. This URI will receive the authorization code that can be exchanged for user information.

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Backend auth initialized successfully.

POST /v1/auth/social/tiktok/start
Request samples
application/json
{}
Response samples
application/json
{}

Complete login with TikTok

Completes the TikTok social login flow and authenticates the user in Mosaic.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
resource
string

Resource URI the authentication request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as a resource for the application.

claims
object

Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.

org_id
string

Organization ID, used for member login in B2B scenarios

client_attributes
object

Client attributes

session_id
string

Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned.

transaction_id
required
string

The transaction identifier that was previously returned by the verification endpoint. This ID is required to associate this authentication request with the verified token information stored during the verification step.

user_id
required
string

An identifier of the user for whom the token is being requested

Responses
200

Returns user tokens

POST /v1/auth/social/tiktok/authenticate
Request samples
application/json
{
  "resource": "string",
  "claims": {},
  "org_id": "string",
  "client_attributes": {},
  "session_id": "string",
  "transaction_id": "string",
  "user_id": "string"
}
Response samples
application/json
{
  "access_token": "string",
  "id_token": "string",
  "refresh_token": "string",
  "token_type": "string",
  "expires_in": 3600,
  "session_id": "string"
}

Submit code from Google

Submits the authorization code returned by Google in exchange for user identity information.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
code
required
string

The code received from the social login provider

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Returns user claims and transaction ID

POST /v1/auth/social/google/verify
Request samples
application/json
{
  "code": "string",
  "state": "string"
}
Response samples
application/json
{
  "transaction_id": "string",
  "claims": {}
}

Submit code from Facebook

Submits the authorization code returned by Facebook in exchange for user identity information.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
code
required
string

The code received from the social login provider

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Returns user claims and transaction ID

POST /v1/auth/social/facebook/verify
Request samples
application/json
{
  "code": "string",
  "state": "string"
}
Response samples
application/json
{
  "transaction_id": "string",
  "claims": {}
}

Submit code from Apple

Submits the authorization code returned by Apple in exchange for user identity information.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
code
required
string

The code received from the social login provider

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Returns user claims and transaction ID

POST /v1/auth/social/apple/verify
Request samples
application/json
{
  "code": "string",
  "state": "string"
}
Response samples
application/json
{
  "transaction_id": "string",
  "claims": {}
}

Submit code from TikTok

Submits the authorization code returned by TikTok in exchange for user identity information.

Security
OAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
code
required
string

The code received from the social login provider

state
string

An opaque string used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, and your server should validate it to protect against cross-site request forgery (CSRF) attacks.

Responses
200

Returns user claims and transaction ID

POST /v1/auth/social/tiktok/verify
Request samples
application/json
{
  "code": "string",
  "state": "string"
}
Response samples
application/json
{
  "transaction_id": "string",
  "claims": {}
}
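
The three-step flow on this page (start, verify, authenticate), seen from the calling backend, with the server-side `state` validation that the parameter description asks for. This is an added example, not part of the Mosaic reference: it only builds the request bodies and sends nothing. The in-memory `pending` store keyed by browser session, the 10-minute lifetime, and the callback carrying `code` and `state` as query parameters are assumptions.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

STATE_TTL = 600  # seconds a pending login stays valid (assumed value)


def start_body(pending, session_key, redirect_uri, now=None):
    """Step 1: body for POST /v1/auth/social/<provider>/start."""
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(32)  # unguessable, opaque to the provider
    pending[session_key] = (state, now + STATE_TTL)
    return {"redirect_uri": redirect_uri, "state": state}


def verify_body(pending, session_key, callback_url, now=None):
    """Step 2: validate the callback, then build the .../verify body."""
    now = time.time() if now is None else now
    query = parse_qs(urlsplit(callback_url).query)
    code = query.get("code", [""])[0]
    returned = query.get("state", [""])[0]
    # pop() makes each state single-use, so a replayed callback fails.
    expected, expires = pending.pop(session_key, ("", 0.0))
    if not expected or now > expires:
        raise ValueError("no pending login for this session, or it expired")
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch")
    if not code:
        raise ValueError("callback has no authorization code")
    return {"code": code, "state": returned}


def authenticate_body(verify_response, user_id):
    """Step 3: body for .../authenticate, bound to the verified transaction."""
    return {"transaction_id": verify_response["transaction_id"],
            "user_id": user_id}


if __name__ == "__main__":
    pending = {}  # assumed server-side store, keyed by the browser session
    start = start_body(pending, "sess-1", "https://app.example/callback")
    # Constructed callback, as the user's browser would request it.
    url = "https://app.example/callback?code=abc123&state=" + start["state"]
    print(verify_body(pending, "sess-1", url))
    print(authenticate_body({"transaction_id": "txn-1", "claims": {}}, "user-1"))
```

A failed check consumes the pending state as well, so the user has to restart the login rather than retry the same callback.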