Passport API

Auth Gateway

Exchange Token

Call this method to exchange an exchange code or refresh token for a new access token and refresh token.

Exchange Token

POST https://passport.rollup.id/token

Call this method to exchange an exchange code or refresh token for a new access token and refresh token.

Request Body

Name
Type
Description

code*

String

Exchange code

client_id*

String

Application client id

client_secret*

String

Application client secret

grant_type*

String

"authorization_code" or "refresh_token"

{
    access_token: string,
    refresh_token: string,
    token_type: 'Bearer',
    id_token: string
}

Example

const tokenForm = new Form()
tokenForm.append('code', exchangeCode)
tokenForm.append('grant_type', grantType)
tokenForm.append('client_id', clientId)
tokenForm.append('client_secret', clientSecret)

const { access_code, refresh_token } = await fetch(
  'https://passport.rollup.id/token',
  {
    method: 'post',
    body: tokenForm,
  }
)

Source

https://github.com/proofzero/rollupid/blob/main/apps/passport/app/routes/token.tsx

User Info

Call this method to retrieve basic identity information for the user. This endpoint retrieves fresh data that would have been included in the ID token when the app was initially authorized by the user.

User Info

POST https://passport.rollup.id/userinfo

Call this method to retrieve basic identity information for the user.

Headers

Name
Type
Description

Authorization*

String

Bearer {access token}

{
    name: '(some name here)',
    picture: '(URL of some picture here)',
    email: '(email address connected to the account)',
    sub: '(unique identifier of the account aka. accountURN)',
    connected_accounts: [
      {
        type: 'eth',
        identifier: '(eth address)'
      },
      {
        type: 'email',
        identifier: '(email address of connected account)'
      },
      {
        type: 'github',
        identifier: '(github username)'
      }
      //other addresses
    ]
}

Example

const access_token = '(some access token value)'

const response = await fetch('https://passport.rollup.id/userinfo', {
  headers: {
    Authorization: `Bearer ${access_token}`,
  },
})
const { name, picture } = await response.json()

OpenID Connect Discovery

The OpenID provider metadata can be accessed in the endpoint described below.

OpenID Configuration

GET https://passport.rollup.id/.well-known/openid-configuration

{
  "issuer": "https://passport.rollup.id",
  "authorization_endpoint": "https://passport.rollup.id/authorize",
  "token_endpoint": "https://passport.rollup.id/token",
  "token_endpoint_auth_methods_supported": ["client_secret_post"],
  "token_endpoint_auth_signing_alg_values_supported": ["ES256"],
  "userinfo_endpoint": "https://passport.rollup.id/userinfo",
  "jwks_uri": "https://passport.rollup.id/.well-known/jwks.json",
  "scopes_supported": ["openid", "profile", "email"],
  "response_types_supported": ["code"],
  "subject_types_supported": ["public", "pairwise"],
  "userinfo_signing_alg_values_supported": ["ES256"],
  "id_token_signing_alg_values_supported": ["ES256"],
  "request_object_signing_alg_values_supported": ["ES256"],
  "claims_supported": ["sub", "iss"],
  "service_documentation": "https://docs.rollup.id/"
}

JSON Web Key Set

The JWKS is the list of public keys to be used to validate token signatures.

JWKS

GET https://passport.rollup.id/.well-known/jwks.json

{
  "keys": [
    {
      "alg": "ES256",
      "kid": "1682004114895",
      "kty": "EC",
      "x": "ArcyYahTQbDLptozxzlYArNCKkz50iE7uCW1FBZ4P6Y",
      "y": "Vi51b0mBI1QWALTf5vd2guoBNn72VTv473vhHt1ZgQw",
      "crv": "P-256"
    },
    {
      "alg": "ES256",
      "kid": "1682000697502",
      "kty": "EC",
      "x": "JL5ZRnjb9pp9TqKsT5-pfa0Yw-Q191J210MwpdpWlZQ",
      "y": "OOc5DhoEIUczfNNof25suDFLWKNUTTb0pDm2_4hJMk4",
      "crv": "P-256"
    }
  ]
}

Last updated