Auth & OAuth
Initialize a secure user authentication handoff to redirect an authenticated user from a customer application to a BlueNexus application without re-authentication. This endpoint returns a short-lived handoff code to include when redirecting the user to the BlueNexus application.
Access restriction: Whitelabel customer client only
Enter JWT access token
Request body for initializing authentication handoff
Redirect URI: the redirect URI to send the user back to. Example: https://example.com/callback
Intent: the intent of the authentication request. Example: connections. Possible values:
Responses:
Authentication handoff initialized successfully
Unable to determine client criteria for secure handoff
Internal server error
Authenticate a user using a signed SIWE payload and an optional sessionId to continue an existing session. Returns access and refresh tokens as well as the session ID. The session ID can be stored for future authentication requests to continue on the same session.
Confidential clients must pass their credentials using Basic Auth in the Authorization header. Public clients without secret must pass the client_id in the body.
Access restriction: Whitelabel customer client only
OAuth Client credentials
Basic auth credentials with client ID and secret. Optional; public clients without a secret must pass the client_id in the body.
Authenticate request body
Client ID, passed in the body by public clients (no secret). Clients with a secret can use the Basic Authorization header instead (recommended).
Client secret. Optional for public clients (no secret); required for confidential clients. Clients with a secret can use the Basic Authorization header instead (recommended).
Signature of the SIWE payload
Session ID to continue; if not provided, a new session is created.
Authenticate response
Unauthorized
Internal server error
Either exchange an authorization code for an access token or refresh an access token using a refresh token.
Basic auth credentials with client ID and secret. If omitted, the server falls back to the client ID and secret in the body. Whichever method is used, the client ID is required. Clients without a secret should use the body.
Token exchange request body
OAuth grant type (authorization_code or refresh_token).
Authorization code. Required for the authorization_code grant type.
Redirect URI. Required for the authorization_code grant type. It must match the redirect URI used to obtain the authorization code. Example: https://example.com/oauth/callback
Client ID.
Client secret.
PKCE code verifier. Required for the authorization_code grant type.
Refresh token. Required for the refresh_token grant type.
Token exchange response
Unauthorized
Internal server error
OAuth error response
Revoke an auth session from an access token or a refresh token.
Basic auth credentials with client ID and secret. If omitted, the server falls back to the client ID and secret in the body. Whichever method is used, the client ID is required. Clients without a secret should use the body.
Revoke access token or refresh token request body
Token to revoke, either access or refresh token.
Token type hint, indicating whether the provided token is an access token or a refresh token.
Client ID. Can be passed in the body or, preferably, in a Basic Authorization header. Whichever method is used, the client ID is required.
Client secret. Can be passed in the body or, preferably, in a Basic Authorization header.
No content for the revoke response, as per OAuth specification.
No content
Unauthorized
Internal server error
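The token exchange and revocation sections above both leave the same practical questions open: how a client chooses between the Basic Authorization header and body credentials, what the PKCE code verifier is, and which body fields each grant type needs. The following Python example, added here and not BlueNexus code, builds those requests as a client would. It assumes a placeholder base URL (the endpoint paths are not given on this page), uses the standard OAuth parameter names (grant_type, code, redirect_uri, code_verifier, refresh_token, token, token_type_hint from RFC 6749, RFC 7636 and RFC 7009), and treats the 200/204, 401 and 5xx outcomes the page lists for revocation.

```python
"""Build OAuth token-exchange and revocation requests for confidential and public clients.

Added example, not BlueNexus code. Endpoint URLs are placeholders; parameter names
follow RFC 6749 (token endpoint), RFC 7636 (PKCE) and RFC 7009 (revocation).
"""
import base64
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Placeholder base URL: the real BlueNexus endpoint paths are not given on this page.
BASE_URL = "https://bluenexus.example/PLACEHOLDER"


def pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636.

    The challenge is sent in the authorization request; the verifier is sent later
    with the authorization_code grant so the server can bind the two requests.
    """
    if verifier is None:
        # 32 random bytes -> 43 URL-safe characters, inside RFC 7636's 43..128 length rule.
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def client_auth(client_id: str, client_secret: Optional[str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Decide where the client credentials go: (headers, body_fields).

    Confidential clients (with a secret) use HTTP Basic in the Authorization header,
    the method the page recommends. Public clients (no secret) put client_id in the body.
    Either way the client ID must be present somewhere.
    """
    if not client_id:
        raise ValueError("client_id is required regardless of the credential method")
    if client_secret:
        token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        return {"Authorization": f"Basic {token}"}, {}
    return {}, {"client_id": client_id}


def token_request(grant_type: str, client_id: str, client_secret: Optional[str] = None, *,
                  code: Optional[str] = None, redirect_uri: Optional[str] = None,
                  code_verifier: Optional[str] = None, refresh_token: Optional[str] = None):
    """Build (url, headers, form) for the token endpoint, enforcing per-grant required fields."""
    headers, form = client_auth(client_id, client_secret)
    form["grant_type"] = grant_type
    if grant_type == "authorization_code":
        required = (("code", code), ("redirect_uri", redirect_uri), ("code_verifier", code_verifier))
        missing = [name for name, value in required if not value]
        if missing:
            raise ValueError(f"authorization_code grant is missing: {', '.join(missing)}")
        form.update(code=code, redirect_uri=redirect_uri, code_verifier=code_verifier)
    elif grant_type == "refresh_token":
        if not refresh_token:
            raise ValueError("refresh_token grant requires refresh_token")
        form["refresh_token"] = refresh_token
    else:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    return f"{BASE_URL}/token", headers, form


def revoke_request(token: str, client_id: str, client_secret: Optional[str] = None,
                   token_type_hint: Optional[str] = None):
    """Build (url, headers, form) for the revocation endpoint; the hint is optional."""
    if token_type_hint not in (None, "access_token", "refresh_token"):
        raise ValueError("token_type_hint must be access_token or refresh_token")
    headers, form = client_auth(client_id, client_secret)
    form["token"] = token
    if token_type_hint:
        form["token_type_hint"] = token_type_hint
    return f"{BASE_URL}/revoke", headers, form


def revoke_outcome(status: int) -> str:
    """Interpret the revoke response: success carries no body, so only the status matters."""
    if status in (200, 204):
        return "revoked"
    if status == 401:
        return "client-auth-failed"
    if status >= 500:
        return "retry"
    return "error"


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    print("send with the authorization request:", challenge)
    url, headers, form = token_request("authorization_code", "public-client-id",
                                       code="CODE_FROM_CALLBACK",
                                       redirect_uri="https://example.com/oauth/callback",
                                       code_verifier=verifier)
    print(url, headers, form)
```

Send the form with `application/x-www-form-urlencoded` encoding; the verifier is generated per authorization request and kept only on the client until the token exchange.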