LogoLogo
PlatformReference
  • Welcome to Rollup
  • An Introduction to OpenID Connect (OIDC)
  • The Rollup Identity Graph
  • Getting Started
    • Create an Application
    • Setup Auth Flow
    • API Access
  • Guides
    • Storing Tokens
    • Session Management
    • Using Scopes
      • Requesting Email
      • Requesting Connected Accounts
      • Requesting Smart Contract Wallets
    • Third Party Auth Tools
      • Setup with Auth0
      • Setup with Supabase
      • Setup with NextAuth.js
  • Platform
    • Console
      • Dashboard
      • OAuth
      • Blockchain
      • Designer
      • Custom Domain
      • Users
      • KYC
      • Messaging
      • Audience Builder
      • Teams & Contact
      • Billing
    • Passport
    • Galaxy
  • Advanced
    • Tokens
    • Pop Up Auth Flow
    • Create Custom Claims
    • Migration Guide
  • Reference
    • Galaxy API
    • Passport API
    • Scopes
  • Troubleshooting
    • FAQ
  • Roadmap
  • Contributing
  • Login to Console
Powered by GitBook
On this page
  • Exchange Token
  • Exchange Token
  • User Info
  • User Info
  • OpenID Connect Discovery
  • OpenID Configuration
  • JSON Web Key Set
  • JWKS

Was this helpful?

Edit on GitHub
Export as PDF
  1. Reference

Passport API

Auth Gateway

Exchange Token

Call this method to exchange an exchange code or refresh token for a new access token and refresh token.

Exchange Token

POST https://passport.rollup.id/token

Call this method to exchange an exchange code or refresh token for a new access token and refresh token.

Request Body

Name
Type
Description

code*

String

Exchange code

client_id*

String

Application client id

client_secret*

String

Application client secret

grant_type*

String

"authorization_code" or "refresh_token"

{
    access_token: string,
    refresh_token: string,
    token_type: 'Bearer',
    id_token: string
}

Example

const tokenForm = new Form()
tokenForm.append('code', exchangeCode)
tokenForm.append('grant_type', grantType)
tokenForm.append('client_id', clientId)
tokenForm.append('client_secret', clientSecret)

const { access_code, refresh_token } = await fetch(
  'https://passport.rollup.id/token',
  {
    method: 'post',
    body: tokenForm,
  }
)
curl https://passport.rollup.id/token -X POST \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "client_id={clientId}" \
  --data-urlencode "client_secret={clientSecret}"
  --data-urlencode "code={exchangeCode}"
  --data-urlencode "grant_type=authorization_code"

Source

User Info

Call this method to retrieve basic identity information for the user. This endpoint retrieves fresh data that would have been included in the ID token when the app was initially authorized by the user.

User Info

POST https://passport.rollup.id/userinfo

Call this method to retrieve basic identity information for the user.

Headers

Name
Type
Description

Authorization*

String

Bearer {access token}

{
    name: '(some name here)',
    picture: '(URL of some picture here)',
    email: '(email address connected to the account)',
    sub: '(unique identifier of the account aka. accountURN)',
    connected_accounts: [
      {
        type: 'eth',
        identifier: '(eth address)'
      },
      {
        type: 'email',
        identifier: '(email address of connected account)'
      },
      {
        type: 'github',
        identifier: '(github username)'
      }
      //other addresses
    ]
}

Example

const access_token = '(some access token value)'

const response = await fetch('https://passport.rollup.id/userinfo', {
  headers: {
    Authorization: `Bearer ${access_token}`,
  },
})
const { name, picture } = await response.json()
export token="(some token value)"
curl https://passport.rollup.id/userinfo \
  --header "Authorization: Bearer $token"

OpenID Connect Discovery

The OpenID provider metadata can be accessed in the endpoint described below.

OpenID Configuration

GET https://passport.rollup.id/.well-known/openid-configuration

{
  "issuer": "https://passport.rollup.id",
  "authorization_endpoint": "https://passport.rollup.id/authorize",
  "token_endpoint": "https://passport.rollup.id/token",
  "token_endpoint_auth_methods_supported": ["client_secret_post"],
  "token_endpoint_auth_signing_alg_values_supported": ["ES256"],
  "userinfo_endpoint": "https://passport.rollup.id/userinfo",
  "jwks_uri": "https://passport.rollup.id/.well-known/jwks.json",
  "scopes_supported": ["openid", "profile", "email"],
  "response_types_supported": ["code"],
  "subject_types_supported": ["public", "pairwise"],
  "userinfo_signing_alg_values_supported": ["ES256"],
  "id_token_signing_alg_values_supported": ["ES256"],
  "request_object_signing_alg_values_supported": ["ES256"],
  "claims_supported": ["sub", "iss"],
  "service_documentation": "https://docs.rollup.id/"
}

JSON Web Key Set

The JWKS is the list of public keys to be used to validate token signatures.

JWKS

GET https://passport.rollup.id/.well-known/jwks.json

{
  "keys": [
    {
      "alg": "ES256",
      "kid": "1682004114895",
      "kty": "EC",
      "x": "ArcyYahTQbDLptozxzlYArNCKkz50iE7uCW1FBZ4P6Y",
      "y": "Vi51b0mBI1QWALTf5vd2guoBNn72VTv473vhHt1ZgQw",
      "crv": "P-256"
    },
    {
      "alg": "ES256",
      "kid": "1682000697502",
      "kty": "EC",
      "x": "JL5ZRnjb9pp9TqKsT5-pfa0Yw-Q191J210MwpdpWlZQ",
      "y": "OOc5DhoEIUczfNNof25suDFLWKNUTTb0pDm2_4hJMk4",
      "crv": "P-256"
    }
  ]
}
PreviousGalaxy APINextScopes

Last updated 1 year ago

Was this helpful?

https://github.com/proofzero/rollupid/blob/main/apps/passport/app/routes/token.tsx