Skip to main content

Sso Exchange

POST 

/api/v1/auth/sso/exchange

Exchange a one-time SSO authorization code + PKCE verifier + state for a SpatialFlow JWT pair (SEC-10 / SAML-01).

The code is single-use and consumed on EVERY path (success or failure), so an intercepted code cannot be replayed and is useless without the PKCE verifier.

Returns: 200: {access_token, refresh_token, token_type, expires_in, user, created}. 400: PKCE verification failed or state mismatch. 401: Invalid/expired/already-consumed code, or inactive/unknown user.

Request

Responses

OK