Token Flows
Auth Service supports several credential flows. Use the flow that matches the user or integration.
User Sign-In
Section titled “User Sign-In”Users sign in through the configured identity provider. Auth Service validates the provider-issued identity and supplies platform role and membership context to other services.
API Keys
Section titled “API Keys”API keys are for machine access owned by a user or integration. Store them in a secrets manager, rotate them regularly, and revoke them when they are no longer needed.
Service Accounts
Section titled “Service Accounts”Service accounts are for trusted platform services and backend integrations. They are configured by operators and should not be used as a substitute for human user accounts.
Token Exchange and Refresh
Section titled “Token Exchange and Refresh”Keycloak and Microsoft Entra deployments can use Auth Service token exchange and Auth Service-issued refresh tokens. Auth0 and generic OIDC deployments rely on provider-issued tokens and do not expose the token-exchange workflow.
Use the generated API reference for exact request formats.