Backend Services
- GET/.well-known/jwks.json
- POST/elevate/webauthn
- POST/elevate/webauthn/verify
- HEAD/healthz
- GET/healthz
- POST/link/idtoken
- GET/mfa/totp/generate
- POST/pat
- POST/signin/anonymous
- POST/signin/email-password
- POST/signin/idtoken
- POST/signin/mfa/totp
- POST/signin/otp/email
- POST/signin/otp/email/verify
- POST/signin/passwordless/email
- POST/signin/passwordless/sms
- POST/signin/passwordless/sms/otp
- POST/signin/pat
- GET/signin/provider/{provider}
- GET/signin/provider/{provider}/callback
- GET/signin/provider/{provider}/callback/tokens
- POST/signin/provider/{provider}/callback
- POST/signin/webauthn
- POST/signin/webauthn/verify
- POST/signout
- POST/signup/email-password
- POST/signup/webauthn
- POST/signup/webauthn/verify
- POST/token
- POST/token/provider/{provider}
- POST/token/verify
- GET/user
- POST/user/deanonymize
- POST/user/email/change
- POST/user/email/send-verification-email
- POST/user/mfa
- POST/user/password
- POST/user/password/reset
- POST/user/webauthn/add
- POST/user/webauthn/verify
- GET/verify
- GET/version
- GET
Client Libraries
Client Libraries (deprecated)
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/idtoken \
--header 'Content-Type: application/json' \
--data '
{
"provider": "apple",
"idToken": "<string>",
"nonce": "<string>",
"options": {
"allowedRoles": [
"me",
"user"
],
"defaultRole": "user",
"displayName": "John Smith",
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"redirectTo": "https://my-app.com/catch-redirection"
}
}
'{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"email": "[email protected]",
"phoneNumber": "+12025550123",
"activeMfaType": "<string>"
}
}
}signInIdToken
Authenticate using an ID token from a supported OAuth provider (Apple or Google). Creates a new user account if one doesn’t exist.
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/idtoken \
--header 'Content-Type: application/json' \
--data '
{
"provider": "apple",
"idToken": "<string>",
"nonce": "<string>",
"options": {
"allowedRoles": [
"me",
"user"
],
"defaultRole": "user",
"displayName": "John Smith",
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"redirectTo": "https://my-app.com/catch-redirection"
}
}
'{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"email": "[email protected]",
"phoneNumber": "+12025550123",
"activeMfaType": "<string>"
}
}
}Body
ID token and provider information for authentication
apple, google Apple ID token
Nonce used during sign in process
Show child attributes
Show child attributes
["me", "user"]"user"
32"John Smith"
A two-characters locale
2"en"
{ "firstName": "John", "lastName": "Smith" }"https://my-app.com/catch-redirection"
Response
Successfully signed in
Container for session information
User authentication session containing tokens and user information
Show child attributes
Show child attributes
JWT token for authenticating API requests
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Expiration time of the access token in seconds
900
Identifier for the refresh token
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
Token used to refresh the access token
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
User profile and account information
Show child attributes
Show child attributes
URL to the user's profile picture
"https://myapp.com/avatars/user123.jpg"
Timestamp when the user account was created
"2023-01-15T12:34:56Z"
Default authorization role for the user
"user"
User's display name
"John Smith"
Whether the user's email has been verified
true
Unique identifier for the user
"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"
Whether this is an anonymous user account
false
User's preferred locale (language code)
2"en"
Custom metadata associated with the user
{ "firstName": "John", "lastName": "Smith" }Whether the user's phone number has been verified
false
List of roles assigned to the user
["user", "customer"]User's email address
User's phone number
"+12025550123"
Active MFA type for the user
Was this page helpful?