GET auth/oidc/authenticate

Retrieve an ID token for the given user, destined for the given identity consumer. This is part of our OpenID Connect 1.0 provider implementation.

For example, the forums authentication workflow goes like this:

  1. The user clicks the forum login button.
  2. The forum forwards the user to the OpenID endpoint, where
  3. the user is allowed to log in (or was already), and
  4. this API method is called to get an ID token.
  5. The token is forwarded back to the forum as a parameter to the redirect URL,
  6. and the forum reads and validates the ID token before using it as sufficient credentials to log in the user.

Example

GET /api/v1/auth/oidc/authenticate HTTP/1.1
  ?aud=https://community.theendlessmission.com
  &redirectUrl=https://community.theendlessmission.com/auth/oidc/callback
  &nonce=123456789

----------------------------------------
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
ETag: ...

{
  "idToken": "eyJ...uwQ",
  "redirectUrl": "https://community.theendlessmission.com/auth/oidc/callback",
  "expiresIn": 600
}

Security

Authentication is required for this method, but any user is permitted.

URL Parameters

NONE

Query Parameters

| Name | Description | Value |
| --- | --- | --- |
| aud | the identity consumer that we are logging into; included to validate the client against accepted consumers | string |
| redirectUrl | the return target; included to validate the return against accepted consumers | string |
| nonce | a nonce value to include in the resulting token (optional) | string |
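
One way a provider could check aud and redirectUrl against its accepted consumers before returning a token, as an added example that is not this API's own code. The registry contents, the function names and the `id_token` return parameter name are assumptions; the page does not specify them.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed registry (not from the API): each accepted consumer maps to the
# exact redirect URLs registered for it. Values reuse this page's example.
ACCEPTED_CONSUMERS = {
    "https://community.theendlessmission.com": {
        "https://community.theendlessmission.com/auth/oidc/callback",
    },
}

def validate_consumer(aud, redirect_url):
    """Return redirect_url if it is registered for aud, else raise ValueError."""
    registered = ACCEPTED_CONSUMERS.get(aud)
    if registered is None:
        raise ValueError("unknown identity consumer")
    # Exact string match only: prefix, substring or host-suffix matching
    # would accept lookalike hosts, userinfo tricks and extra path segments.
    if redirect_url not in registered:
        raise ValueError("redirect URL is not registered for this consumer")
    return redirect_url

def build_return_url(aud, redirect_url, id_token, param="id_token"):
    """Validate first, then attach the token as a query parameter.
    The parameter name is hypothetical; the page does not name it."""
    parts = urlsplit(validate_consumer(aud, redirect_url))
    query = parse_qsl(parts.query, keep_blank_values=True) + [(param, id_token)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def is_accepted(aud, redirect_url):
    """Boolean wrapper around validate_consumer for callers that only branch."""
    try:
        validate_consumer(aud, redirect_url)
        return True
    except ValueError:
        return False

# Constructed inputs that must be rejected for the example consumer.
REJECTED = [
    "https://community.theendlessmission.com.example.net/auth/oidc/callback",
    "https://community.theendlessmission.com@example.net/auth/oidc/callback",
    "http://community.theendlessmission.com/auth/oidc/callback",
    "https://community.theendlessmission.com/auth/oidc/callback/../other",
]
```
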

Request Body

NONE

Response

Successful responses are code 200 with data in the response body. Error responses are standard.

Response Body

| Name | Description | Value |
| --- | --- | --- |
| idToken | the generated ID token to forward to the consumer | string |
| redirectUrl | the valid redirect URL | string |
| expiresIn | the amount of time until the given ID token expires, in seconds | number |