Skip to main content

Mint OAuth 2.0 & OIDC tokens

This endpoint creates a set of OAuth 2.0 tokens for a specific user.

To generate a refresh token request scope offline_access. To generate an ID token request scope openid.

Custom claims can be specified in the request body which will be added to the token's payload. Custom claims are added to the token's payload.

Tokens created with this endpoint will have an authenticated_methods claim equal to ["api"].

The following claims are reserved and cannot be specified:

  • aud
  • exp
  • jti
  • iat
  • iss
  • nbf
  • sub
  • prev_token_id
  • oid
  • org_id
  • user_id
  • person_id
  • first_token
  • authenticated_methods
  • oidc_tokens
  • user_token
  • groups
  • roles
  • access_token
  • refresh_token
  • id
  • id_token
  • gdpr
  • gdpr_consent
  • gdpr_consent_level
  • parent_user_id
  • parent_person_id
  • parent_org_id
  • parent_oid
  • attributes
  • custom_claims
  • slashid
  • slashid.dev
  • slashid.com
  • slashid.me
  • sid

With the following request body:

{
"custom_claims": {
"foo": "bar",
"baz": {"everything": 42}
}
}

the token in the response will have the following payload:

{
"authenticated_methods": [
"api"
],
"baz": {
"everything": 42
},
"exp": <expiration time timestamp>,
"first_token": false,
"foo": "bar",
"iat": <issued at timestamp>,
"iss": <token issuer>,
"jti": <token ID>,
"oid": <organisation ID>,
"person_id": <person ID>
}
Header Parameters
  • SlashID-OrgID string required

    The organization ID

    Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
Request Body
  • person_id string required

    Person ID

  • client_id string required

    The client identifier.

  • scopes string[]
  • custom_claims object
Responses

OK


Schema
  • meta object
  • pagination object
  • limit integer
  • offset integer
  • total_count int64
  • errors object[]
  • httpcode integer
  • message string
  • result object
  • id_token string
  • access_token string
  • refresh_token string