The Token Controller manages authentication tokens and implements OAuth2 token-related functionality in the Auth Server.
Reference
Request Code
Request a code, which must then be exchanged for a token. The code is very short-lived.
Field | Type | Required | Description |
---|---|---|---|
client_id | string | ✓ | client_id for the requesttoken |
device | string | ✗ | Device Identifier for this operation. |
iframe | boolean | ✗ | Set to true, if your application runs in an iFrame |
state | string | ✓ | State for this operation |
Request Token
This endpoint exchanges an authorization code for a short-lived access token. The response includes token type, user details, client ID, access token, and expiration time.
Field | Type | Required | Description |
---|---|---|---|
casa | base64 | ✗ | Object with information regarding the support request – customerId, userId and reason |
client_id | string | ✓ | client_id for the requesttoken |
code | string | ✓ | Code to be exchanged for token |
device | string | ✗ | Device Identifier for this operation. |
grant_type | string | ✓ | grant_type for the requesttoken |
redirect_uri | string | ✗ | redirect_uri for the requesttoken |
resource | string | ✗ | Resource to get access to |
state | string | ✗ | State for this operation |
Field | Type | Description |
---|---|---|
accessToken | string | The access token to use |
accessTokenExpires | integer | Unix timestamp of the token expiration time |
accessTokenExpiresAt | datetime | Datetime when the token expires |
access_token | string | The access token to use in oauth |
casa | object | Customer approved support access |
└ id | integer | Id of the support user with support access |
client | object | Client information |
└ id | string | Client id of this app |
state | string | State for this operation |
tokenType | string | Type of token that is returned. |
token_type | string | Type of token that is returned. |
user | object | User object |
└ customerId | integer | CustomerId of the user in this app |
└ id | integer | id of the user |
└ adminLevel | integer | AdminLevel of the user in this app |
└ email | string | Email address of the user |
Example Response
{
  "tokenType": "bearer",
  "user": {
    "customerId": 123,
    "id": 123,
    "adminLevel": 0,
    "email": "jane.doe@admiralcloud.com"
  },
  "client": {
    "id": "ae744902-efb2-448a-919d-18b27212aa86"
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "accessTokenExpiresAt": "2024-02-22T14:45:23.090Z",
  "accessTokenExpires": 1708609523
}
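A client-side check of the Request Token response before the token is used, as an added example that is not part of the AdmiralCloud documentation or SDK. Field names follow the response table above; the function name, the bearer-only and minimum-lifetime policy, and the sample values are assumptions of this example.

```python
import hmac
import time


class TokenResponseError(ValueError):
    """A Request Token response failed a client-side check."""


def validate_token_response(resp, client_id, state=None, now=None, min_ttl=30):
    """Return (access_token, expires_unix) or raise TokenResponseError.

    Field names are taken from the response table; the policy (bearer only,
    30 s minimum lifetime) is an assumption of this example.
    """
    now = time.time() if now is None else now

    def pick(camel, snake):
        # Both spellings are documented; refuse a response where they differ.
        a, b = resp.get(camel), resp.get(snake)
        if a is not None and b is not None and a != b:
            raise TokenResponseError(f"{camel} and {snake} disagree")
        return a if a is not None else b

    token_type = pick("tokenType", "token_type")
    if not isinstance(token_type, str) or token_type.lower() != "bearer":
        raise TokenResponseError("unexpected token type")
    token = pick("accessToken", "access_token")
    if not isinstance(token, str) or not token:
        raise TokenResponseError("missing access token")
    # The token must have been issued to this app, not to another client.
    client = resp.get("client")
    if not isinstance(client, dict) or client.get("id") != client_id:
        raise TokenResponseError("token issued for a different client")
    # When a state was sent, the echoed value has to match it exactly.
    if state is not None:
        echoed = resp.get("state")
        if not isinstance(echoed, str) or not hmac.compare_digest(
                echoed.encode(), state.encode()):
            raise TokenResponseError("state mismatch")
    expires = resp.get("accessTokenExpires")
    if type(expires) is not int or expires - now < min_ttl:
        raise TokenResponseError("token expired or about to expire")
    return token, expires


# Constructed sample response (placeholder values, not real credentials).
SAMPLE = {
    "tokenType": "bearer", "token_type": "bearer", "state": "s-7f3a",
    "accessToken": "TOKEN-PLACEHOLDER", "access_token": "TOKEN-PLACEHOLDER",
    "client": {"id": "client-placeholder"}, "accessTokenExpires": 2000000000,
}
```

Pass the `client_id` and `state` values that were sent with the request; a raised `TokenResponseError` means the token should be discarded rather than stored.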
Introspect
This endpoint provides token introspection following the OAuth2 specification. It checks token validity and returns active status, token type, expiration, and session information including user and customer details.
Field | Type | Required | Description |
---|---|---|---|
resource | string | ✗ | Resource to get access to |
Check Signed Session
This endpoint validates signed session requests, verifying authentication metadata and returning client, user, and customer information for valid sessions.
You have to send the header “x-admiralcloud-authmeta” that contains the HTTP method and the path for the signed payload, e.g. “post:/v1/userTask”.
POST /v4/checkSignedSession