Sso Start
GET/api/v1/auth/sso/start
Initiate SAML SSO from mobile app.
Validates the return deeplink URL against an allowlist (spatialflow://,
spatialflowdev://) to prevent open-redirect abuse (D-06), then delegates
to the existing SP-initiated SAML flow for the given workspace slug.
On success, the SAML ACS handler will redirect back to return with
?token=<jwt>&refresh=<refresh> appended (D-04).
Returns: 302: Redirect to IdP login page. 400: Invalid return URL or SAML configuration error.
Request
Responses
- 302
- 400
- 401
- 403
- 404
- 422
Found
Bad Request
Unauthorized
Forbidden
Not Found
Validation Error