Skip to main content
logoTetrate Service BridgeVersion: 1.11.x

IAM (OAuth)

IAM APIs for authentication.

OAuth

Token

DeviceCode

DeviceCodeRequest

Request for devices codes.

DeviceCodeResponse

Response with device codes for use with the Device Authorization flow. For additional information on the response parameters please refer to the Device Authorization Response section of the RFC https://datatracker.ietf.org/doc/html/rfc8628#section-3.2

FieldDescriptionValidation Rule

deviceCode

string
Code that the device uses to poll for tokens

userCode

string
Code the user enters in the verification URI

verificationUri

string
URI where to enter the user code

interval

int32
Rate in which to poll the token endpoint with the device code

expiresIn

int32
Expiration time of the device code in seconds

error

tetrateio.api.iam.v2.Error
Optional error code presented when an error or validation check failed.

errorMessage

string
Optional error message that contains more details about the error that occurred.

GrantRequest

Token grant request.

FieldDescriptionValidation Rule

grantType

tetrateio.api.iam.v2.GrantType
REQUIRED
Token grant type as specified in the OAuth2 specification. Current supported grant types are "urn:ietf:params:oauth:grant-type:device_code" and "refresh_token"

enum = {
  defined_only: true
}

deviceCode

string
OPTIONAL
Device code issued by the device authorization code endpoint when device code grant is used. This field is required when using a device_code grant.

refreshToken

string
OPTIONAL
Refresh token issued from a previous grant request. This field is required when using a refresh_token grant.

scope

List of string
OPTIONAL
List of requested scopes. This is a list that can include any of the scopes that are allowed by the client configuration. For refresh_token grants, this list may not include any scopes that were not part of the original token request.

clientId

string
OPTIONAL
Client ID for which the token grant request is being made. This is optional and when absent, TSB will use an appropriate client ID from configuration for the grant type being request. For a refresh grant type, this parameter may be required to ensure the appropriate client configuration is used.

resource

string
OPTIONAL
A URI that indicates the target service or resource where the client intends to use the requested token. This is used with the token exchange grant and should be the URI of TSB.

subjectToken

string
OPTIONAL
A token that represents the identity of the party on behalf of whom the request is being made. This is used with the token exchange grant and should be either an ID Token or Access Token from the configured offline token grant client.

subjectTokenType

tetrateio.api.iam.v2.TokenType
OPTIONAL
An identifier that indicates the type of the security token in the "subject_token" parameter. This is used with the token exchange grant.

GrantResponse

Token grant response.

FieldDescriptionValidation Rule

accessToken

string
Access token issued by the authorization server.

tokenType

string
Access token type such as "bearer" or "mac".

expiresIn

int32
Expiration time of the access token in seconds.

refreshToken

string
Optional refresh token issued when the authorization server and client are configured to use refresh tokens.

clientId

string
Optional client ID used during the grant process. When present the client ID for subsequent refresh grant calls. While not a standard field on an OAuth grant response, this helps remove ambiguity when multiple OIDC configurations are present in TSB.

error

tetrateio.api.iam.v2.Error
Optional error code presented when an error or validation check failed.

errorMessage

string
Optional error message that contains more details about the error that occurred.

Error

OAuth2 error codes

FieldNumberDescription

NO_ERROR

0

INVALID_REQUEST

1

INVALID_CLIENT

2

INVALID_GRANT

3

UNAUTHORIZED_CLIENT

4

UNSUPPORTED_GRANT_TYPE

5

AUTHORIZATION_PENDING

6

SLOW_DOWN

7

ACCESS_DENIED

8

EXPIRED_TOKEN

9

SERVER_ERROR

10

GrantType

OAuth2 grant types that are currently supported.

FieldNumberDescription

UNSPECIFIED

0

REFRESH_TOKEN

1

DEVICE_CODE_URN

2

CLIENT_CREDENTIALS

3

TOKEN_EXCHANGE

4

TokenType

FieldNumberDescription

TOKEN_TYPE_UNSPECIFIED

0

TOKEN_TYPE_ACCESS_TOKEN

1

TOKEN_TYPE_REFRESH_TOKEN

2

TOKEN_TYPE_ID_TOKEN

3

TOKEN_TYPE_JWT

4