Stytch · Schema

api_oauth_v1_AuthenticateRequest

Request type

AuthenticationIdentityPasswordlessSecurityB2BConnected AppsMCPAI AgentsDeveloper Tools

Properties

Name Type Description
token string The OAuth `token` from the `?token=` query parameter in the URL. The redirect URL will look like `https://example.com/authenticate?stytch_token_type=oauth&token=rM_kw42CWBhsHLF62V75jELMbvJ87njMe3tFVj7
session_token string Reuse an existing session instead of creating a new one. If you provide us with a `session_token`, then we'll update the session represented by this session token with this OAuth factor. If this `sess
session_duration_minutes integer Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, returning both an opaque `session_token` and `session_jwt` for this session. Reme
session_jwt string Reuse an existing session instead of creating a new one. If you provide us with a `session_jwt`, then we'll update the session represented by this JWT with this OAuth factor. If this `session_jwt` bel
session_custom_claims object Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Sessi
code_verifier string A base64url encoded one time secret used to validate that the request starts and ends on the same device.
telemetry_id string If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and
View JSON Schema on GitHub

JSON Schema

stytch-api-oauth-v1-authenticaterequest-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/api_oauth_v1_AuthenticateRequest",
  "title": "api_oauth_v1_AuthenticateRequest",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "The OAuth `token` from the `?token=` query parameter in the URL.\n\n      The redirect URL will look like `https://example.com/authenticate?stytch_token_type=oauth&token=rM_kw42CWBhsHLF62V75jELMbvJ87njMe3tFVj7Qupu7`\n\n      In the redirect URL, the `stytch_token_type` will be `oauth`. See [here](https://stytch.com/docs/workspace-management/redirect-urls) for more detail."
    },
    "session_token": {
      "type": "string",
      "description": "Reuse an existing session instead of creating a new one. If you provide us with a `session_token`, then we'll update the session represented by this session token with this OAuth factor. If this `session_token` belongs to a different user than the OAuth token, the session_jwt will be ignored. This endpoint will error if both `session_token` and `session_jwt` are provided."
    },
    "session_duration_minutes": {
      "type": "integer",
      "format": "int32",
      "description": "Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,\n  returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of\n  five minutes regardless of the underlying session duration, and will need to be refreshed over time.\n\n  This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).\n\n  If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.\n\n  If the `session_duration_minutes` parameter is not specified, a Stytch session will not be created."
    },
    "session_jwt": {
      "type": "string",
      "description": "Reuse an existing session instead of creating a new one. If you provide us with a `session_jwt`, then we'll update the session represented by this JWT with this OAuth factor. If this `session_jwt` belongs to a different user than the OAuth token, the session_jwt will be ignored. This endpoint will error if both `session_token` and `session_jwt` are provided."
    },
    "session_custom_claims": {
      "type": "object",
      "additionalProperties": true,
      "description": "Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value.\n\n  Custom claims made with reserved claims (\"iss\", \"sub\", \"aud\", \"exp\", \"nbf\", \"iat\", \"jti\") will be ignored. Total custom claims size cannot exceed four kilobytes."
    },
    "code_verifier": {
      "type": "string",
      "description": "A base64url encoded one time secret used to validate that the request starts and ends on the same device."
    },
    "telemetry_id": {
      "type": "string",
      "description": "If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature."
    }
  },
  "description": "Request type",
  "required": [
    "token"
  ]
}