Get Delegation Token (Legacy)

curl --request POST \
  --url https://{yourDomain}/delegation \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "<string>",
  "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
  "id_token": "<string>",
  "target": "<string>",
  "scope": "<string>",
  "api_type": "<string>"
}
'

{
  "id_token": "<string>",
  "token_type": "<string>",
  "expires_in": 123
}

Get Delegation Token (Legacy)

deprecated

⚠️ LEGACY ENDPOINT - Delegation tokens are deprecated and disabled for new tenants.

Status: This feature is disabled by default for new tenants. Maintained only for tenants with active add-ons that require delegation.

Migration: There is no direct replacement. Specific use cases should migrate to:

Token refresh: Use refresh tokens with /oauth/token and grant_type=refresh_token
Third-party APIs: Configure proper API authorization

Allowed applications to obtain an ID Token or a JWT for calling a different API using an existing token.

POST

https://{yourDomain}

delegation

Get Delegation Token (Legacy)

curl --request POST \
  --url https://{yourDomain}/delegation \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "<string>",
  "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
  "id_token": "<string>",
  "target": "<string>",
  "scope": "<string>",
  "api_type": "<string>"
}
'

{
  "id_token": "<string>",
  "token_type": "<string>",
  "expires_in": 123
}

Autorisations

Authorization

string

header

requis

The access token received from the authorization server in the OAuth 2.0 flow.

Corps

application/json

client_id

string

requis

Your application's Client ID

grant_type

enum<string>

requis

The grant type for delegation

Options disponibles:

urn:ietf:params:oauth:grant-type:jwt-bearer

id_token

string

requis

The ID Token you want to exchange

target

string

The Client ID of the target application

scope

string

Space-delimited list of requested scopes

api_type

string

The type of API (e.g., 'firebase', 'aws', 'azure_sb', etc.)

Réponse

Delegation token returned successfully

id_token

string

The delegated ID Token

token_type

string

The type of token

expires_in

integer

Token lifetime in seconds

Get Token Info (Legacy)

Impersonate a User (Legacy)

⌘I