Retrieve a list of OAuth2 clients
Retrieve a list of existing OAuth 2.0 clients for your organization.
Create a new OAuth2 client
Create a new client ID/secret pair that can be used with the client credentials grant type. A valid SlashID organization ID and API key must be used to authenticate and authorize the request. The client credentials can be configured.

SlashID currently supports the following OAuth 2.0 grants:

- client credentials
- authorization code
- refresh token

The `grant_types` field may contain only the values `client_credentials` and `authorization_code`. Other values will return a `400` error code.

The client credentials grant requires a client secret, and so all clients allowing that grant should be regarded as confidential, as defined in the [OAuth 2.0 specification](https://oauth.net/2/client-types/).

The response body will include the client ID and client secret. For the client credentials grant, these can be used with the `/oauth2/tokens` endpoints to obtain an access token. For the authorization code grant, these can be used as described in the [OAuth 2.0 specification](https://datatracker.ietf.org/doc/html/rfc6749).

The client secret must be stored securely, and cannot be retrieved in subsequent API calls. If you lose the client secret, a new secret can be generated using the `PUT /oauth2/clients/{oauth_client_id}/secret` endpoint.
Retrieve an OAuth2 client
Get details on the identified client. Authenticated with a SlashID organization ID and API key; the organization ID must match or be a parent of the client owner.
Delete an existing OAuth2 client
Delete the identified client. Authenticated with a SlashID organization ID and API key; the organization ID must match or be a parent of the client owner.
Modify an existing OAuth2 client
Update the identified client. Authenticated with a SlashID organization ID and API key; the organization ID must match or be a parent of the client owner. SlashID currently supports only a subset of OAuth clients, therefore we enforce that `grant_types` must be `['client_credentials']`. Setting this field to any other value will result in an error response with a `400` status code.
Generate a new client secret
A new client secret is created and returned. The previous secret will no longer be valid after this.
Retrieve the configuration for the hosted UI
The configuration is used to theme the hosted UI.
Modify the configuration for the hosted UI
The configuration is used to theme the hosted UI.
Request an authorization code
Used to initiate an authorization code flow. SlashID is an OAuth 2.0 and OpenID Connect 1.0 provider.
Obtain an access token
Obtain a new OAuth 2.0 access token using an OAuth 2.0 client ID/secret pair.
Revoke an access token
Revoke an OAuth 2.0 access token using an OAuth 2.0 client ID/secret pair.
Introspect an access token
Introspect an OAuth 2.0 access or refresh token using an OAuth 2.0 client ID/secret pair. Note: there is a known issue for this endpoint, whereby the expiry for refresh tokens in the response is incorrect. However, expired refresh tokens will still return a response with `active: false`.
Mint OAuth 2.0 & OIDC tokens
This endpoint creates a set of OAuth 2.0 tokens for a specific user. To generate a refresh token, request scope `offline_access`. To generate an ID token, request scope `openid`.

Custom claims can be specified in the request body and will be added to the token's payload. Tokens created with this endpoint will have an `authenticated_methods` claim equal to `["api"]`.

The following claims are reserved and cannot be specified:

- `aud`
- `exp`
- `jti`
- `iat`
- `iss`
- `nbf`
- `sub`
- `prev_token_id`
- `oid`
- `org_id`
- `user_id`
- `person_id`
- `first_token`
- `authenticated_methods`
- `oidc_tokens`
- `user_token`
- `groups`
- `roles`
- `access_token`
- `refresh_token`
- `id`
- `id_token`
- `gdpr`
- `gdpr_consent`
- `gdpr_consent_level`
- `parent_user_id`
- `parent_person_id`
- `parent_org_id`
- `parent_oid`
- `attributes`
- `custom_claims`
- `slashid`
- `slashid.dev`
- `slashid.com`
- `slashid.me`
- `sid`

With the following request body:

```
{
  "custom_claims": {
    "foo": "bar",
    "baz": {"everything": 42}
  }
}
```

the token in the response will have the following payload:

```
{
  "authenticated_methods": ["api"],
  "baz": {"everything": 42},
  "exp": <expiration time timestamp>,
  "first_token": false,
  "foo": "bar",
  "iat": <issued at timestamp>,
  "iss": <token issuer>,
  "jti": <token ID>,
  "oid": <organisation ID>,
  "person_id": <person ID>
}
```
Retrieve a person's profile
Given the SlashID Access Token obtained during signin, this endpoint returns a person's profile. This endpoint will work only if `openid` was granted as a scope for the Access Token. The information included in the response depends on the scopes requested. For example, a scope of just `openid` may return less information than a scope of `openid profile email`.
Retrieve a person's profile
Given the SlashID Access Token obtained during signin, this endpoint returns a person's profile. This endpoint will work only if `openid` was granted as a scope for the Access Token. The information included in the response depends on the scopes requested. For example, a scope of just `openid` may return less information than a scope of `openid profile email`.