Authentication

This page details how to use the Authentication Controller's login endpoint to authenticate users and obtain Auth0 tokens for session management.

To authenticate, the user must provide credentials from Auth0. We assign the necessary permissions to ensure secure access to our APIs.

1. Log in with a given username and password.

To log in, users authenticate by providing valid Auth0 credentials (username and password). Upon successful authentication, an access token, refresh token, and ID token will be provided in the response. The access token is used for accessing other APIs, while the refresh token allows users to obtain a new access token without further interaction.

• POST /api/v1/auth/login

Request

{
    "username": "your_username",
    "password": "password"
}

Response

200 OK

{
    "access_token": "eyJhbGciOi...W5Aq_PT-aHS4zfDWKVdhTuIC081TfyW8A",
    "refresh_token": "iCBG8_QvW...17aUv5",
    "id_token": "eyJhbGciOiJSUzI1NiI...3BruaGMzqgc6N0OgnrLFpmsx4i8g",
    "scope": "openid profile email address phone offline_access",
    "expires_in": 2592000,
    "token_type": "Bearer"
}

Note The /api/v1/auth/login endpoint does not require an access token or Bearer authorization header. Authentication is performed using the provided user credentials only. 2. Request a new access token using the refresh token obtained during login.

To request a new access token using the refresh token obtained during login, send a request with the refresh token. Upon successful verification, a new access token and ID token will be provided in the response.

Name	Description
Bearer Token	[Required] The access token can be used to renew and utilize the refresh token.

Request

{
    "refreshToken": "iCBG8_QvWq1...mD917aUv5"
}

Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsIn...opG2Of3PMT0wtmvad5JpFseBB_7ZmA",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR...yJ4Wko-QM0Dkw",
    "scope": "openid profile email address phone offline_access",
    "expires_in": 2592000,
    "token_type": "Bearer"
}