Authentication

This page details how to use the Authentication Controller's login endpoint to authenticate users and obtain Auth0 tokens for session management.

To authenticate, the user must provide a base token and credentials from Auth0. We assign the necessary permissions to ensure secure access to our APIs.

Bearer token to authenticate the user:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InhJYTdTZDFKZThxU01ZaHY4WVhaYSJ9.eyJpc3MiOiJodHRwczovL2ZyZWVuYW1lLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJsS1hYa1FpS3hmRFdyTmUzYWtnSEFOQWxZS0tiTWNVMkBjbGllbnRzIiwiYXVkIjoiaHR0cHM6Ly9hdXRoMC8iLCJpYXQiOjE3Njg0NjI5NDAsImV4cCI6MTc3MTA1NDk0MCwic2NvcGUiOiJyZWFkIEFkbWluIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIiwiYXpwIjoibEtYWGtRaUt4ZkRXck5lM2FrZ0hBTkFsWUtLYk1jVTIiLCJwZXJtaXNzaW9ucyI6WyJyZWFkIiwiQWRtaW4iXX0.GPOgy8EXr4uDwJP07PANemsI7eSOy-yTcchHL0ydBLDZL1V3V0Fm4_ecsq-7OT2Qcl4jJHOcJitC6A7lZKU_z_Gx5FJGwzg-oxifrxjlveZ1VWZp9AYm5DcID3zdjcj69NeyOxzBF_1f7I0GNwnp5Wjgo9eEm5409jb-nvAdggUKl5XG3IU3ZlQuNleRXns9sCCksAI3lpt5ht7a-l3EveaXkKfhEBp2HuESk7Ou-5bLFzt3BuoxIPTFWEgrtMA-Sk1EtUayKCTyLQpvGdL3puy-U2MtYvLkCbjRMN-fg109AoYnBrUkxi510gYNpV746d1nRKGyr3g2FQus9WyUKw

1. Log in with a given username and password.

To log in, users must first request an authorization token, which we provide upon initial request. With this authorization token, users can then request an access token. Upon successful authentication, an access token, refresh token, and ID token will be provided in the response. The access token is used for accessing other APIs, while the refresh token allows users to obtain a new access token without further interaction.

• POST /api/v1/auth/login

Request Headers

Name	Description
Bearer Token	[Required] The first authorization token we provide for the log in.

Request

{
    "username": "your_username",
    "password": "password"
}

Response

200 OK

{
    "access_token": "eyJhbGciOi...W5Aq_PT-aHS4zfDWKVdhTuIC081TfyW8A",
    "refresh_token": "iCBG8_QvW...17aUv5",
    "id_token": "eyJhbGciOiJSUzI1NiI...3BruaGMzqgc6N0OgnrLFpmsx4i8g",
    "scope": "openid profile email address phone offline_access",
    "expires_in": 2592000,
    "token_type": "Bearer"
}

1. Request a new access given the refresh token obtained during the log in.

To request a new access token using the refresh token obtained during login, send a request with the refresh token. Upon successful verification, a new access token and ID token will be provided in the response.

Name	Description
Bearer Token	[Required] The access token can be used to renew and utilize the refresh token.

Request

{
    "refreshToken": "iCBG8_QvWq1...mD917aUv5"
}

Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsIn...opG2Of3PMT0wtmvad5JpFseBB_7ZmA",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR...yJ4Wko-QM0Dkw",
    "scope": "openid profile email address phone offline_access",
    "expires_in": 2592000,
    "token_type": "Bearer"
}