Login with Unstoppable API

For more information on adding Login With Unstoppable to your applications, see the Login Integration Pathways.

Authentication

basic

Security Scheme Type HTTP
HTTP Authorization Scheme basic

oauth2

Security Scheme Type OAuth2
authorizationCode OAuth Flow
Authorization URL: TBD
Token URL: TBD
Scopes:
  • offline -

    A scope required when requesting refresh tokens (alias for offline_access)

  • offline_access -

    A scope required when requesting refresh tokens

  • openid -

    Request an OpenID Connect ID Token

public

JSON Web Keys Discovery

This endpoint returns JSON Web Keys to be used as public keys for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like node-jwks-rsa among others.

Responses
200

JSONWebKeySet

500

jsonError

get/.well-known/jwks.json
Request samples
const resp = await fetch(
  `/.well-known/jwks.json`,
  {method: 'GET'}
);

const data = await resp.text();
console.log(data);
Response samples
application/json
{
  • "keys": [
    ]
}

OpenID Connect Discovery

The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll your own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this flow at https://openid.net/specs/openid-connect-discovery-1_0.html .

Popular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others. For a full list of clients go here: https://openid.net/developers/certified/

Responses
200

wellKnown

401

jsonError

500

jsonError

get/.well-known/openid-configuration
Request samples
const resp = await fetch(
  `/.well-known/openid-configuration`,
  {method: 'GET'}
);

const data = await resp.text();
console.log(data);
Response samples
application/json
{}

OpenID Connect Userinfo

This endpoint returns the payload of the ID Token, including the idTokenExtra values, of the provided OAuth 2.0 Access Token.

For more information please refer to the spec.

In the case of authentication error, a WWW-Authenticate header might be set in the response with more information about the error. See the spec for more details about header format.

Request
Security:
Responses
200

userinfoResponse

401

jsonError

500

jsonError

get/userinfo
Request samples
const resp = await fetch(
  `/userinfo`,
  {
    method: 'GET',
    headers: {
      Authorization: 'Bearer <YOUR_TOKEN_HERE>'
    }
  }
);

const data = await resp.text();
console.log(data);
Response samples
application/json
{
  • "birthdate": "string",
  • "email": "string",
  • "email_verified": true,
  • "family_name": "string",
  • "gender": "string",
  • "given_name": "string",
  • "locale": "string",
  • "middle_name": "string",
  • "name": "string",
  • "nickname": "string",
  • "phone_number": "string",
  • "phone_number_verified": true,
  • "picture": "string",
  • "preferred_username": "string",
  • "profile": "string",
  • "sub": "string",
  • "updated_at": 0,
  • "website": "string",
  • "zoneinfo": "string"
}

metadata

Return Running Software Version.

This endpoint returns the version of Ory Hydra.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance.

Responses
200

Returns the Ory Hydra version.

get/version
Request samples
const resp = await fetch(
  `/version`,
  {method: 'GET'}
);

const data = await resp.text();
console.log(data);
Response samples
application/json
{
  • "version": "string"
}