OAuth1

Grants

Password grant

The Password Grant accepts your username and password, then returns an Access Token and a Refresh token. As mentioned before the Access Token can be used to authenticate API requests.

See also the for more information about the password format and login attempts.

await exh.auth.authenticate({
    email:'john.doe@example.com',
    password:'myPassword1234'
});

Mfa Grant

When MFA is enabled for a user and you try to authenticate using the password grant you will receive a MfaRequiredError . You can catch the error and use the Mfa Grant to complete the authentication.

try {
  await exh.auth.authenticate({
    password: '',
    email: '',
  });
} catch (error) {
  if (error instanceof MfaRequiredError) {
    const { mfa } = error.response;

    // Your logic to request which method the user want to use in case of multiple methods
    const methodId = mfa.methods[0].id;

    await exh.auth.confirmMfa({
      token: mfa.token,
      methodId,
      code: '', // code from ie. Google Authenticator
    });
  }
  // handle other possible authentication errors
}

SSO Token Grant

You can exchange an SSO token generated by application for access tokens that can be used by another application. This way you can implement a single sign one flow between e.g. mobile and web.

await exh.raw.post('/auth/v2/oauth1/ssoTokens/consume',{
    ssoToken: "{ssoTokenHere}"
});

Tokens

Retrieve a list of active tokens

await exh.raw.get('/auth/v2/oauth1/tokens');

Revoking tokens

await exh.raw.delete('/auth/v2/oauth1/tokens/{tokenId}');

SSO

Generate SSO Tokens

You can create a single use SSO token. Another client can consume such a token and exchange it for an authorization.

await exh.raw.post('/auth/v2/oauth1/ssoTokens/generate');