Exchange Token (DEPRECATED)

POST

openidc

token

curl --request POST \
  --url https://staging.terminal3.io/v1/openidc/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "grant_type": "authorization_code",
  "code": "<string>",
  "client_id": "<string>",
  "client_secret": "<string>",
  "redirect_uri": "<string>"
}'

{
  "scope": "openid",
  "token_type": "Bearer",
  "access_token": "<string>",
  "expire_in": 123,
  "id_token": "<string>"
}

Once users are authorized, the one-time code will be returned to the client, which will then combine it with the client_secret to obtain an access token.

The `id_token` and `access_token`

id_token is a JWT token that contains basic information about the user, including:

JSON
{
	"user_id": 1,
	"edu_username": "yat.edu"
}

edu_username is a sample application-specific data field.

access_token is a JWT token used for accessing a particular resource via the API.

TEXT
GET https://api.terminal3.io/v1/openidc/user
Authorization: Bearer <access_token>

Validating access token

To make sure the token is provided by Terminal 3 before proceeding, you can obtain the public keys from Terminal 3 and use them to verify the token.

TypeScript
import * as jose from "jose";

const JWKS = jose.createRemoteJWKSet(new URL("https://api.terminal3.io/certs/jwks.json"))>;

const { payload } = await jose.jwtVerify(access_token, JWKS, {
 issuer: "Terminal 3",
 audience: "client_id",
});

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

grant_type

enum<string>

required

Available options:

authorization_code

code

string

required

Minimum length: 1

client_id

string

required

Minimum length: 1

client_secret

string

required

Minimum length: 1

redirect_uri

string

required

Minimum length: 1

Response

200

application/json

Success

scope

enum<string>

required

Available options:

openid

token_type

enum<string>

required

Available options:

Bearer

access_token

string

required

expire_in

number

required

id_token

string

required

Authorize User Exchange Token (V2)

curl --request POST \
  --url https://staging.terminal3.io/v1/openidc/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "grant_type": "authorization_code",
  "code": "<string>",
  "client_id": "<string>",
  "client_secret": "<string>",
  "redirect_uri": "<string>"
}'

{
  "scope": "openid",
  "token_type": "Bearer",
  "access_token": "<string>",
  "expire_in": 123,
  "id_token": "<string>"
}

TERMINAL 3 API

SIGN IN WITH TERMINAL 3

NOTIFICATION

VERIFIABLE CREDENTIAL SDK

The `id_token` and `access_token`

Validating access token

Authorizations

Body

Response

TERMINAL 3 API

SIGN IN WITH TERMINAL 3

NOTIFICATION

VERIFIABLE CREDENTIAL SDK

​The id_token and access_token

​Validating access token

Authorizations

Body

Response

The `id_token` and `access_token`

Validating access token