Auth API Overview
The Auth API provides OAuth 2.0, OpenID Connect (OIDC), and token management capabilities for secure authentication and authorization.
Key Features
- OAuth 2.0 - Client Credentials and Authorization Code flows with PKCE
- OpenID Connect - Standard OIDC discovery and userinfo endpoints
- JWT Tokens - Secure token generation and validation
- JWKS - JSON Web Key Set endpoints for token verification
- Multi-tenant - Organization-scoped access control
Authentication Flows
Client Credentials Flow
For server-to-server authentication:
Authorization Code Flow with PKCE
For user authentication in web applications:
Quick Example
```bash
# Get an access token using client credentials
curl -X POST "https://auth.propper.ai/oauth2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=sign:read sign:write"
```
Endpoints
| Endpoint | Description |
|---|---|
| POST /oauth2/token | Exchange credentials for access tokens |
| GET /oauth2/authorize | Initiate authorization code flow |
| GET /.well-known/openid-configuration | OIDC discovery document |
| GET /.well-known/jwks.json | JSON Web Key Set |
| GET /oauth2/userinfo | Get authenticated user info |
Next Steps
- OAuth 2.0 Flows - Implement client credentials and authorization code flows
- Token Management - Refresh, introspect, and revoke tokens
- OpenID Connect - Integrate OIDC for user authentication
- API Reference - Full API documentation