Exchange OIDCToken
https://app.fossa.com/api/oidc/token-exchangeExchange an OIDC token for a FOSSA API token. This endpoint is unauthenticated (no FOSSA API token is required); the caller presents an OIDC token issued by a trusted provider. Validation or lookup failures (invalid token, unknown provider, or no matching trust relationship) are reported as a `400`.
Request body (required) · application/json
providerIdintegerrequiredThe ID of the OIDC Provider that issued the token
usernamestringrequiredThe username of the user that we want to log in as
tokenstringrequiredThe JWT that was issued by the OIDC Provider
expiresInintegerThe desired validity duration of the generated FOSSA token, in seconds. Min 15 minutes (900s), Max 12 hours (43200s), Default 1 hour (3600s).
isPushOnlybooleanWhether the FOSSA token should be push-only. Defaults to true.
Responses
200Successfully exchanged OIDC token for FOSSA tokenuserIdintegerrequiredThe ID of the user that the token is for
providerIdintegerrequiredThe ID of the OIDC Provider
issuerstringrequiredThe issuer of the token
subjectstringrequiredThe subject of the token
credentialobjectrequiredThe FOSSA credential information
tokenstringrequiredThe FOSSA token that can be used to authenticate with the FOSSA API
isPushOnlybooleanrequiredWhether the FOSSA token is push-only
expirationstring <date-time>requiredWhen the FOSSA token expires
400Bad RequestuuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
500Server ErroruuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
Try this endpoint
Build a request and run it against app.fossa.com.
Stored in this browser for 24 hours. Try It uses a docs proxy for CORS and does not store tokens server-side.
POST https://app.fossa.com/api/oidc/token-exchangecurl --request POST \ --url 'https://app.fossa.com/api/oidc/token-exchange' \ --header 'accept: application/json' \ --header 'content-type: application/json' \ --data '{ "providerId": 123, "username": "john.doe", "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."}'Real request. Mutating methods can change data.