Consumer User Authentication
To use the consumer user auth API, use one of the following techniques.
- SAML: Develop an API specifically for validating SAML assertions. The API will return a token that should be included in the current request header. The token must include the company ID. Ensure the company ID within the token is non-manipulable.
- OIDC: Send the access_token/id_token in the current header. The company has to manage the auth server. The token must include the company ID. Ensure the company ID within the token is non-manipulable.
- JWT: Send a JWT (with the company ID inside) in the current header. There are 2 scenarios:
  - Scenario 1: The company generates the JWT; we need to store the company's public key.
  - Scenario 2: We generate a scoped JWT for that company and user. The company has to call us, passing info about the user, using an auth API call:
/v1/auth/consumer-user/company/:company_id/user-profile/
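
A sketch of scenario 2 with the company ID bound into the signed token and checked against the `:company_id` in the request path. This is an added example, not code from this API. The HS256 algorithm, the `company_id`/`sub`/`exp` claim names, the secret, and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key, never shared

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_scoped_jwt(company_id: str, user_id: str, ttl: int = 300) -> str:
    """Scenario 2: we mint the token, so company_id is set by us, not the caller."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"company_id": company_id, "sub": user_id, "exp": int(time.time()) + ttl}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def verify_scoped_jwt(token: str, path_company_id: str) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        alg = json.loads(_unb64(head_b64))["alg"]
        sig = _unb64(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; the token does not get to choose it.
    if alg != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body_b64))  # parsed only after the signature checks out
    if claims.get("exp", 0) < time.time():
        raise ValueError("expired")
    # The company in the signed claims must match the :company_id in the URL.
    if claims.get("company_id") != path_company_id:
        raise ValueError("company mismatch")
    return claims

def tamper_company(token: str, new_company: str) -> str:
    """Constructed test input: rewrite company_id without re-signing."""
    head, body, sig = token.split(".")
    claims = json.loads(_unb64(body))
    claims["company_id"] = new_company
    return f"{head}.{_b64(json.dumps(claims).encode())}.{sig}"
```

A token issued for one company is rejected both when its `company_id` claim is edited (signature check) and when it is replayed unmodified against another company's path (claim-to-path check).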