Identity API
The Identity service provides authentication, user management, and organization management.
OAuth 2.1 / OIDC Endpoints
Authorization Endpoint
`GET /authorize`
Starts the OAuth 2.1 authorization flow. Redirects the user to their configured identity provider (SSO).
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
| `client_id` | string | Your application's client ID |
| `redirect_uri` | string | Callback URL after authentication |
| `response_type` | string | Must be `code` |
| `scope` | string | Space-separated scopes (e.g., `openid profile email`) |
| `state` | string | CSRF protection token |
Token Endpoint
`POST /token`
Exchange an authorization code for access and refresh tokens.
Request Body (form-encoded):
| Parameter | Type | Description |
|---|---|---|
| `grant_type` | string | `authorization_code` or `refresh_token` |
| `code` | string | Authorization code (for `authorization_code` grant) |
| `redirect_uri` | string | Must match the original authorization request |
| `refresh_token` | string | Refresh token (for `refresh_token` grant) |
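The client side of the two endpoints above, as an added example that is not part of the Identity service's own code: it binds `state` to the user's session when building the `/authorize` URL, rejects a callback whose `state` is missing, wrong or replayed, and only then builds the form body for `POST /token`. The host, client ID, redirect URI, the `session` dict and both function names are assumptions made for illustration; client authentication at the token endpoint is not described on this page and is left out.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

BASE_URL = "https://identity.example.com"          # assumption: placeholder host
CLIENT_ID = "example-client-id"                    # constructed sample value
REDIRECT_URI = "https://app.example.com/callback"  # constructed sample value


def build_authorize_url(session: dict) -> str:
    """Create a fresh state, store it in the user's session, return the /authorize URL."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    session["oauth_state"] = state
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid profile email",
        "state": state,
    })
    return f"{BASE_URL}/authorize?{query}"


def handle_callback(session: dict, callback_url: str) -> dict:
    """Validate the callback and return the form body for POST /token."""
    params = parse_qs(urlsplit(callback_url).query)
    # pop() makes the state single use: it is consumed even when validation fails.
    expected = session.pop("oauth_state", None)
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: discard the callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,  # must match the original authorization request
    }
```

Send the returned dictionary form-encoded to `POST /token`; a `ValueError` means the callback must not be exchanged.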
JWKS Endpoint
`GET /.well-known/jwks.json`
Returns the JSON Web Key Set used to verify JWT tokens.
OpenID Configuration
`GET /.well-known/openid-configuration`
Returns the OpenID Connect discovery document.
Organization Management
List Members
`GET /api/v1/organizations/{org_id}/members`
Invite Member
`POST /api/v1/organizations/{org_id}/invites`
Request Body:
```json
{
  "email": "user@example.com",
  "role": "member"
}
```
Update Member Role
`PATCH /api/v1/organizations/{org_id}/members/{user_id}`
Request Body:
```json
{
  "role": "admin"
}
```
Remove Member
`DELETE /api/v1/organizations/{org_id}/members/{user_id}`