Skip to main content

Get Third-Party Authorization Info

POST 
/auth/v1/provider/token

API Description

Obtain authorization information from third-party services. For example, when logging in with OAuth, use this API to get the authorized user information for the OAuth client and generate a provider_token.

Input Requirements

  • client_id: Client ID corresponding to the application (optional, defaults to environment ID)
  • x-device-id: Device ID (required, passed in the request header)
  • Request body parameters (v1GrantProviderTokenRequest):
    • provider_id: Identity provider ID (required, e.g., github, wechat)
    • provider_code: Login code obtained from the third-party system (required, used to exchange for user identity)
    • provider_redirect_uri: Identity provider callback URL (optional)

Prerequisites

  • You must first obtain an authorization code (code) via the third-party authorization flow.
  • The third-party identity provider must be configured in the CloudBase console.

Output

  • Returns provider_token and provider_profile (v1GrantProviderTokenResponse).
  • provider_token is used when calling subsequent login APIs.
  • provider_profile contains the basic information of the third-party user.

Request Example

POST /auth/v1/provider/token
x-device-id: device_123456
Content-Type: application/json

{
  "provider_id": "github",
  "provider_code": "authorization_code_from_github",
  "provider_redirect_uri": "https://your-app.com/callback"
}

Response Example

{
  "provider_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJwcm92aWRlciI6ImdpdGh1YiIsInN1YiI6IjEyMzQ1Njc4OTAiLCJleHAiOjE3MzQ2ODIzNTd9.bVJ0cE1xTnBWc0R5QmhKa0xmR3pYY1ZiTm1Bc1FkRmdIaktsTXBPclN0VXZXeElaQWJDZERlRmZHaEhpSmpLa0xs",
  "expires_in": 3600,
  "provider_profile": {
    "provider_id": "github",
    "sub": "1234567890",
    "name": "Zhang San",
    "picture": "https://avatars.githubusercontent.com/u/1234567890",
    "email": "zhangsan@example",
    "provider": "github"
  }
}

Usage Flow

  1. After the user completes third-party authorization, obtain the authorization code (code).
  2. Call this API with the authorization code to exchange it for a provider_token.
  3. Use the provider_token to call the Third-party Authorization Info Login API to complete login.

Key Characteristics

  • The provider_token is valid for 3600 seconds (1 hour).
  • The returned provider_profile contains the full information of the third-party user.
  • Supports auto-registering a new user if the user does not exist.
  • Supports binding to an existing user account.

Request

Query Parameters

    client_id string

    Client ID corresponding to the application, defaults to environment ID, can be omitted

Header Parameters

    x-device-id stringrequired

    Device ID

Body

    provider_id Identity provider ID, such as wx_open, or WeChat Mini Program appid (string)required
    provider_redirect_uri Identity source callback URL (string)
    provider_code Login code obtained from third-party system, used to exchange user identity (string)

Responses

A successful response.

Response Headers
    Schema
      provider_token If automatic registration is not enabled, provider_token will be returned for further processing, such as through phone number. (string)
      expires_in int32
      provider_profile object
      provider_id Identity source ID (string)
      sub Main ID, identifies the unique identifier of the user (string)
      name Name (string)
      picture Avatar (string)
      email Email (string)
      phone_number Phone number (string)
      gender Gender (string)
      locale Region (string)
      url Email (string)
      groups string[]
      sub_id sub_id If the customer needs SLO, sub_id may need to be returned, can refer to: urn:oasis:names:tc:SAML:attribute:subject-id (string)
      token provider returned token, for example: in OAuth mode, this token is refresh_token (string)
      at_hash at hash of provider profile (string)
      meta object
      object
      property name* string
      raw Original third-party information (string)
      provider Identity source type (string)
    Loading...