Stytch · Schema

api_b2b_oauth_v1_AuthenticateRequest

Request type

AuthenticationIdentityPasswordlessSecurityB2BConnected AppsMCPAI AgentsDeveloper Tools

Properties

Name Type Description
oauth_token string The token to authenticate.
session_token string A secret token for a given Stytch Session.
session_duration_minutes integer Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, returning both an opaque `session_token` and `session_jwt` for this session. Reme
session_jwt string The JSON Web Token (JWT) for a given Stytch Session.
session_custom_claims object Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Sessi
pkce_code_verifier string A base64url encoded one time secret used to validate that the request starts and ends on the same device.
locale object If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will b
intermediate_session_token string Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the in
telemetry_id string If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and
View JSON Schema on GitHub

JSON Schema

stytch-api-b2b-oauth-v1-authenticaterequest-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/api_b2b_oauth_v1_AuthenticateRequest",
  "title": "api_b2b_oauth_v1_AuthenticateRequest",
  "type": "object",
  "properties": {
    "oauth_token": {
      "type": "string",
      "description": "The token to authenticate."
    },
    "session_token": {
      "type": "string",
      "description": "A secret token for a given Stytch Session."
    },
    "session_duration_minutes": {
      "type": "integer",
      "format": "int32",
      "description": "Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,\n  returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of\n  five minutes regardless of the underlying session duration, and will need to be refreshed over time.\n\n  This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).\n\n  If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.\n\n  If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want\n  to use the Stytch session product, you can ignore the session fields in the response."
    },
    "session_jwt": {
      "type": "string",
      "description": "The JSON Web Token (JWT) for a given Stytch Session."
    },
    "session_custom_claims": {
      "type": "object",
      "additionalProperties": true,
      "description": "Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in\n  `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To\n  delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.\n  Total custom claims size cannot exceed four kilobytes."
    },
    "pkce_code_verifier": {
      "type": "string",
      "description": "A base64url encoded one time secret used to validate that the request starts and ends on the same device."
    },
    "locale": {
      "$ref": "#/components/schemas/api_b2b_oauth_v1_AuthenticateRequestLocale",
      "description": "If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.\n\nParameter is an [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `\"en\"`.\n\nCurrently supported languages are English (`\"en\"`), Spanish (`\"es\"`), and Brazilian Portuguese (`\"pt-br\"`); if no value is provided, the copy defaults to English.\n\nRequest support for additional languages [here](https://docs.google.com/forms/d/e/1FAIpQLScZSpAu_m2AmLXRT3F3kap-s_mcV6UTBitYn6CdyWP0-o7YjQ/viewform?usp=sf_link\")!\n"
    },
    "intermediate_session_token": {
      "type": "string",
      "description": "Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned."
    },
    "telemetry_id": {
      "type": "string",
      "description": "If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature."
    }
  },
  "description": "Request type",
  "required": [
    "oauth_token"
  ]
}