# OAuth1 ## Grants ### Password grant The Password Grant accepts your username and password, then returns an Access Token and a Refresh token. As mentioned before the Access Token can be used to authenticate API requests. See also the [Password Policy User Service setting ](/extrahorizon/services/access-management/user-service/configuration.md#password-policy)for more information about the password format and login attempts. {% tabs %} {% tab title="Javascript" %} ```javascript await exh.auth.authenticate({ email:'john.doe@example.com', password:'myPassword1234' }); ``` {% endtab %} {% endtabs %} {% hint style="warning" %} Note that in case this user has MFA enabled this function will throw a `MfaRequiredError`. With the information in the error you can follow the [Mfa Grant](#mfa-grant) to complete the authentication. {% endhint %} ### Mfa Grant When MFA is enabled for a user and you try to authenticate using the password grant you will receive a `MfaRequiredError` . You can catch the error and use the Mfa Grant to complete the authentication. {% tabs %} {% tab title="Javascript" %} ```javascript try { await exh.auth.authenticate({ password: '', email: '', }); } catch (error) { if (error instanceof MfaRequiredError) { const { mfa } = error.response; // Your logic to request which method the user want to use in case of multiple methods const methodId = mfa.methods[0].id; await exh.auth.confirmMfa({ token: mfa.token, methodId, code: '', // code from ie. Google Authenticator }); } // handle other possible authentication errors } ``` {% endtab %} {% endtabs %} ### SSO Token Grant You can exchange an SSO token generated by application for access tokens that can be used by another application. This way you can implement a single sign one flow between e.g. mobile and web. {% tabs %} {% tab title="Javascript" %} This functional is currently not supported by Javascript SDK. You can use the raw method of the SDK to access this functionality. ```javascript await exh.raw.post('/auth/v2/oauth1/ssoTokens/consume',{ ssoToken: "{ssoTokenHere}" }); ``` {% endtab %} {% endtabs %} ## Tokens ### Retrieve a list of active tokens {% tabs %} {% tab title="Javascript" %} This functional is currently not supported by Javascript SDK. You can use the raw method of the SDK to access this functionality. ```javascript await exh.raw.get('/auth/v2/oauth1/tokens'); ``` {% endtab %} {% endtabs %} ### Revoking tokens {% tabs %} {% tab title="Javascript" %} This functional is currently not supported by Javascript SDK. You can use the raw method of the SDK to access this functionality. ```javascript await exh.raw.delete('/auth/v2/oauth1/tokens/{tokenId}'); ``` {% endtab %} {% endtabs %} ## SSO ### Generate SSO Tokens You can create a single use SSO token. Another client can consume such a token and exchange it for an authorization. {% tabs %} {% tab title="Javascript" %} This functional is currently not supported by Javascript SDK. You can use the raw method of the SDK to access this functionality. ```javascript await exh.raw.post('/auth/v2/oauth1/ssoTokens/generate'); ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.extrahorizon.com/extrahorizon/services/access-management/auth-service/oauth1.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.