OAuth1

Grants

Password grant

The Password Grant accepts your username and password, then returns an Access Token and a Refresh token. As mentioned before the Access Token can be used to authenticate API requests.

See also the Password Policy User Service setting for more information about the password format and login attempts.

await exh.auth.authenticate({
    email:'[email protected]',
    password:'myPassword1234'
});

Mfa Grant

When MFA is enabled for a user and you try to authenticate using the password grant you will receive a MfaRequiredError . You can catch the error and use the Mfa Grant to complete the authentication.

try {
  await exh.auth.authenticate({
    password: '',
    email: '',
  });
} catch (error) {
  if (error instanceof MfaRequiredError) {
    const { mfa } = error.response;

    // Your logic to request which method the user want to use in case of multiple methods
    const methodId = mfa.methods[0].id;

    await exh.auth.confirmMfa({
      token: mfa.token,
      methodId,
      code: '', // code from ie. Google Authenticator
    });
  }
  // handle other possible authentication errors
}

SSO Token Grant

You can exchange an SSO token generated by application for access tokens that can be used by another application. This way you can implement a single sign one flow between e.g. mobile and web.

await exh.raw.post('/auth/v2/oauth1/ssoTokens/consume',{
    ssoToken: "{ssoTokenHere}"
});

Tokens

Retrieve a list of active tokens

await exh.raw.get('/auth/v2/oauth1/tokens');

Revoking tokens

await exh.raw.delete('/auth/v2/oauth1/tokens/{tokenId}');

SSO

Generate SSO Tokens

You can create a single use SSO token. Another client can consume such a token and exchange it for an authorization.

await exh.raw.post('/auth/v2/oauth1/ssoTokens/generate');