# Social Login

Login users using social login providers like Google Sign-In. This implements a frontend integration for authentication, where the client obtains an authorization code that your app can exchange in the backend for user tokens.


## Servers

Sandbox environment
```
https://api.sbx.transmitsecurity.io/cis
```

Production environment (US)
```
https://api.transmitsecurity.io/cis
```

Production environment (EU)
```
https://api.eu.transmitsecurity.io/cis
```

Production environment (CA)
```
https://api.ca.transmitsecurity.io/cis
```

Production environment (AU)
```
https://api.au.transmitsecurity.io/cis
```

## Security

### bearer

Type: http
Scheme: bearer
Bearer Format: JWT

### UserAccessToken

A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated

Type: http
Scheme: bearer
Bearer Format: JWT

### AdminAccessToken

A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps

Type: oauth2

### ClientAccessToken

A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data on the tenant level or associated with the specific application (but not other apps in the tenant)

Type: oauth2

### OrgAdminAccessToken

A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role.

Type: oauth2

## Download OpenAPI description

[Social Login](https://developer.transmitsecurity.com/_bundle/openapi/user/social-login.openapi.yaml)

## Other

### Login with Google

 - [GET /v1/auth/google](https://developer.transmitsecurity.com/openapi/user/social-login.openapi/other/startgoogleflow.md): Authenticate the user using Google Sign-In. This endpoint should be called from the user's browser. It will redirect the User Agent to the Google IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

### Login with Apple

 - [GET /v1/auth/apple](https://developer.transmitsecurity.com/openapi/user/social-login.openapi/other/startappleauth.md): Authenticate the user using Sign in with Apple. This endpoint should be called from the user's browser. It will redirect the User Agent to the Apple IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

### Login with Facebook

 - [GET /v1/auth/facebook](https://developer.transmitsecurity.com/openapi/user/social-login.openapi/other/startfacebookauth.md): Authenticate the user using Facebook Login. This endpoint should be called from the user's browser. It will redirect the User Agent to the Facebook IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

### Login with LINE

 - [GET /v1/auth/line](https://developer.transmitsecurity.com/openapi/user/social-login.openapi/other/startlineauth.md): Authenticate the user using LINE login. This endpoint should be called from the user's browser. It will redirect the User Agent to the LINE IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

### Logout

 - [POST /v1/auth/logout](https://developer.transmitsecurity.com/openapi/user/social-login.openapi/other/logout.md): Logout the user from a specific session. The user and session are derived from the access token used to authorize the request (which was issued based on the authentication that created the session)

### Exchange code for token (deprecated)

 - [POST /v1/token](https://developer.transmitsecurity.com/openapi/user/social-login.openapi/other/tokenexchange.md): Retrieve ID and access tokens. This API is used to retrieve ID and access tokens using the code that was returned in the redirect URI as a query parameter (for example, when the user clicks a magic link). It may also create a new user if create_new_user was set to true in the send request and no user exists for the email address or phone number (depending on the flow).