Skip to content

Social Login

Login users using social login providers like Google Sign-In. This implements a frontend integration for authentication, where the client obtains an authorization code that your app can exchange in the backend for user tokens.

Download OpenAPI description
social-login.openapi.json
social-login.openapi.yaml
Languages
Servers
Sandbox environment
https://api.sbx.transmitsecurity.io/cis/
Production environment (US)
https://api.transmitsecurity.io/cis/
Production environment (EU)
https://api.eu.transmitsecurity.io/cis/
Production environment (CA)
https://api.ca.transmitsecurity.io/cis/
Production environment (AU)
https://api.au.transmitsecurity.io/cis/

Login with Google

Request

Authenticate the user using Google Sign-In. This endpoint should be called from the user's browser. It will redirect the User Agent to the Google IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

Query
client_idstring<= 150 charactersrequired

Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal

Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV
redirect_uristringrequired

URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal

Example: redirect_uri=https://www.example.com/login
create_new_userboolean

Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application.

Default true
resourcestring

Resource URI the login is attempting to access.

require_mfaboolean

Require multi factor authentication for this authentication request.

Default false
Example: require_mfa=true
claimsstring

A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value.

Example: claims={"id_token":{"roles":null}}
statestring

An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks

noncestring

A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request

org_idstring

Organization ID, used for member login in B2B scenarios

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/auth/google?client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV&redirect_uri=https%3A%2F%2Fwww.example.com%2Flogin&create_new_user=true&resource=string&require_mfa=true&claims={%22id_token%22%3A{%22roles%22%3Anull}}&state=string&nonce=string&org_id=string'

Responses

Redirect with code

Response
No content

Login with Apple

Request

Authenticate the user using Sign in with Apple. This endpoint should be called from the user's browser. It will redirect the User Agent to the Apple IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

Query
client_idstring<= 150 charactersrequired

Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal

Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV
redirect_uristringrequired

URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal

Example: redirect_uri=https://www.example.com/login
create_new_userboolean

Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application.

Default true
resourcestring

Resource URI the login is attempting to access.

require_mfaboolean

Require multi factor authentication for this authentication request.

Default false
Example: require_mfa=true
claimsstring

A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value.

Example: claims={"id_token":{"roles":null}}
statestring

An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks

noncestring

A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request

org_idstring

Organization ID, used for member login in B2B scenarios

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/auth/apple?client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV&redirect_uri=https%3A%2F%2Fwww.example.com%2Flogin&create_new_user=true&resource=string&require_mfa=true&claims={%22id_token%22%3A{%22roles%22%3Anull}}&state=string&nonce=string&org_id=string'

Responses

Redirect with code

Response
No content

Login with Facebook

Request

Authenticate the user using Facebook Login. This endpoint should be called from the user's browser. It will redirect the User Agent to the Facebook IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

Query
client_idstring<= 150 charactersrequired

Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal

Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV
redirect_uristringrequired

URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal

Example: redirect_uri=https://www.example.com/login
create_new_userboolean

Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application.

Default true
resourcestring

Resource URI the login is attempting to access.

require_mfaboolean

Require multi factor authentication for this authentication request.

Default false
Example: require_mfa=true
claimsstring

A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value.

Example: claims={"id_token":{"roles":null}}
statestring

An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks

noncestring

A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request

org_idstring

Organization ID, used for member login in B2B scenarios

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/auth/facebook?client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV&redirect_uri=https%3A%2F%2Fwww.example.com%2Flogin&create_new_user=true&resource=string&require_mfa=true&claims={%22id_token%22%3A{%22roles%22%3Anull}}&state=string&nonce=string&org_id=string'

Responses

Redirect with code

Response
No content

Login with LINE

Request

Authenticate the user using LINE login. This endpoint should be called from the user's browser. It will redirect the User Agent to the LINE IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

Query
client_idstring<= 150 charactersrequired

Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal

Example: client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV
redirect_uristringrequired

URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal

Example: redirect_uri=https://www.example.com/login
create_new_userboolean

Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application.

Default true
resourcestring

Resource URI the login is attempting to access.

require_mfaboolean

Require multi factor authentication for this authentication request.

Default false
Example: require_mfa=true
claimsstring

A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. Note: You should stringify the value.

Example: claims={"id_token":{"roles":null}}
statestring

An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks

noncestring

A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request

org_idstring

Organization ID, used for member login in B2B scenarios

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/auth/line?client_id=DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV&redirect_uri=https%3A%2F%2Fwww.example.com%2Flogin&create_new_user=true&resource=string&require_mfa=true&claims={%22id_token%22%3A{%22roles%22%3Anull}}&state=string&nonce=string&org_id=string'

Responses

Redirect with code

Response
No content

Logout

Request

Logout the user from a specific session. The user and session are derived from the access token used to authorize the request (which was issued based on the authentication that created the session)

Security
UserAccessToken
curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/auth/logout \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Sessions deleted Successfully

Bodyapplication/json
sessions_countnumberrequired

Number of logged out sessions

Response
application/json
{
  "sessions_count": 0
}

Exchange code for tokenDeprecated

Request

Retrieve ID and access tokens. This API is used to retrieve ID and access tokens using the code that was returned in the redirect URI as a query parameter (for example, when the user clicks a magic link). It may also create a new user if create_new_user was set to true in the send request and no user exists for the email address or phone number (depending on the flow).

Bodyapplication/jsonrequired
codestringrequired

Authorization code returned in the redirect URI as a query parameter upon successful authentication

Example: "GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH"
client_idstring<= 50 charactersrequired

Client ID of the application requesting the token

Example: "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV"
client_secretstring<= 50 charactersrequired

Client Secret of the application requesting the token

Example: "FzxvdDMbvxnc45sdfb789XCVGEW6usazxcvbw3KPsb23"
curl -i -X POST \
  https://api.sbx.transmitsecurity.io/cis/v1/token \
  -H 'Content-Type: application/json' \
  -d '{
    "code": "GZxLFKTDCnlANVTxNvaWz7AIGPpXqZYSXdAwjiWRuOH",
    "client_id": "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV",
    "client_secret": "FzxvdDMbvxnc45sdfb789XCVGEW6usazxcvbw3KPsb23"
  }'

Responses

Bodyapplication/json
id_tokenstringrequired
access_tokenstringrequired
refresh_tokenstringrequired
is_user_createdbooleanrequired

Indicates if this is a new user or not

Response
application/json
{
  "id_token": "string",
  "access_token": "string",
  "refresh_token": "string",
  "is_user_created": true
}