Endpoints

Endpoints supported by Authorizer

/

GET / - Root endpoint, opens the Authorizer dashboard

/.well-known/openid-configuration

GET /.well-known/openid-configuration - Returns the OpenID configuration for the instance

/.well-known/jwks.json

GET /.well-known/jwks.json - Returns the public key configuration for JWTs, used to decode and verify them. The RS256 JWT type is recommended

/app

GET /app - Application with a built-in UI that you can easily integrate into your application.

/graphql

POST /graphql - GraphQL endpoint for all GraphQL queries and mutations

/verify_email

GET /verify_email?token=TOKEN - Endpoint to verify an email address

/userinfo

GET /userinfo - Endpoint to get user information. Requires an Authorization header with a bearer access token

/authorize

GET /authorize - Endpoint to perform authentication and authorization. It allows authentication via the built-in login page.

  • It supports the PKCE flow, which lets the user authenticate and authorize safely and protects the exchange against CSRF attacks. It also enables secure authorization from mobile applications (tried and tested with Expo AuthSession)

  • It supports the Implicit Flow

This endpoint accepts the following query parameters

Query String Params

Key            | Description                                                                                                                                                                                                  | Required
-------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------
client_id      | Your client_id                                                                                                                                                                                               | true
redirect_uri   | URL where the user should be redirected after login                                                                                                                                                          | true
response_type  | The type of response you want. Supports code and token as response types. Default value is token                                                                                                             | false
code_challenge | SHA-256 challenge used to verify the code that will be sent. Required when the code flow is used                                                                                                             | false
state          | Unique state identifier used to make sure the request is not interrupted                                                                                                                                     | true
scope          | Space-separated list of OpenID scopes. If not present, the default scopes openid email profile are used                                                                                                      | false
response_mode  | Format in which the response is required. Supports two forms: query (redirects to the redirect URL with the response in the query string) and web_message (returns an HTML page with the data embedded in JS). Default value is query | false

The response is typically either a web page containing the code / token details or a redirect to the expected URL with the token in the query parameters

/oauth/token

POST /oauth/token - Endpoint used to obtain token information when the OAuth / OpenID flow is performed.

Note: A valid browser session is required to get token information when the grant_type authorization_code is used

Request Body Params

Key           | Description                                                                                                                             | Required
------------- | --------------------------------------------------------------------------------------------------------------------------------------- | --------
grant_type    | Supports the authorization_code and refresh_token grant types. Default is authorization_code                                            | false
code_verifier | Code verifier checked against the code_challenge sent in the authorize request. Required if the authorization_code flow is used          | false
code          | Code returned from the authorize request, sent to make sure this is a follow-up of the same request                                      | false
refresh_token | Refresh token used to get a new access token. Required in case of the refresh_token grant type                                           | false

Response

Key           | Description
------------- | ------------------------------------------------------------------------------------------------------------------------------------------
access_token  | Access token that the frontend application can use for further authorized requests
expires_in    | Timestamp at which the current token is going to expire, so that the frontend can request a new access token
id_token      | JWT holding the user information
refresh_token | When the scope includes offline_access, a long-lived token is returned which can be used to get new access tokens. It is rotated with each request
scope         | List of OpenID scopes

/oauth/revoke

Request Body Params

Key           | Description                 | Required
------------- | --------------------------- | --------
refresh_token | Refresh token to be revoked | true

Response

Key     | Description
------- | ---------------
message | Success message

/oauth_login/:oauth_provider

GET /oauth_login/:oauth_provider - Endpoint to perform OAuth login for various providers such as google, github and facebook. This endpoint supports the following query parameters

Query String Params

Key         | Description                                                                                              | Required
----------- | -------------------------------------------------------------------------------------------------------- | --------
redirectURL | URL where the user should be redirected after login                                                      | true
state       | Unique state identifier used to make sure the request is not interrupted                                 | true
roles       | Comma-separated list of roles to login with. If not present, the default role (user) is used             | false
scope       | Space-separated list of OpenID scopes. If not present, the default scopes openid email profile are used  | false

Sample URL: /oauth_login/google?redirectURL=https://myapp.com&roles=admin

/oauth_callback/:oauth_provider

GET /oauth_callback/:oauth_provider - Endpoint used by OAuth providers as the callback after a successful / unsuccessful login

/logout

GET /logout - Endpoint to log out the user. This endpoint supports the following query parameters

Query String Params

Key          | Description                                          | Required
------------ | ---------------------------------------------------- | --------
redirect_uri | URL where the user should be redirected after logout | false