
Tokens

The Token object contains the details of an access token that can be used to authenticate requests to the Harlyy API, and optionally a refresh token that can be used to obtain a new access token when the current one expires.

All Harlyy tokens are JSON Web Tokens (JWTs), so they are self-contained and can be verified without contacting the Harlyy API. The tokens are signed using the RS512 algorithm (RSA signature with SHA-512), so they can and should be verified using the public key (certificate) provided by Harlyy.

Info: All the endpoints in this section use the OAuth base URL, which is https://auth.harlyy.com.

The Token Object


Token Exchange

Exchange authorization code or credentials for an access token


Returns 200

Successfully exchanged authorization code, client credentials, or refresh token for an access token. The response includes an access token along with additional token details such as expiration and refresh token (if applicable).

The Token Object
Endpoint
POST /oauth/token

Token Revocation

Revoke an OAuth access or refresh token

Returns 200

Endpoint
POST /oauth/revoke

Token Introspection

Retrieve details of the authenticated user

Returns 200

Successfully retrieved the authenticated user's information.

The User Object
Endpoint
GET /oauth/me

Public Certificates

Retrieve public keys for token verification

Returns 200

Successfully retrieved the list of public certificates used for token verification.

The Certificate Object
Endpoint
GET /oauth/certs
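
An added example (not Harlyy's code) of the local verification described in the introduction, using only the Python standard library to show what an RS512 check involves: the algorithm is pinned, the RSA signature is checked against the public key, and expiry is enforced. Assumptions: the RSA modulus `n` and exponent `e` have already been extracted from a certificate returned by GET /oauth/certs (this page does not show the Certificate Object), tokens carry the standard `exp` claim, and `demo_sign` with its Mersenne-prime key is a constructed, insecure stand-in for the issuer.

```python
import base64, hashlib, hmac, json, time

# ASN.1 DigestInfo prefix for SHA-512 (RFC 8017, section 9.2, note 1).
SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(message, k):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || SHA-512(message)."""
    t = SHA512_PREFIX + hashlib.sha512(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs512(token, n, e, now=None):
    """Return the claims of a valid, unexpired RS512 JWT; raise ValueError otherwise."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = (json.loads(b64url_decode(x)) for x in (h64, p64))
        alg, exp, sig = header.get("alg"), claims.get("exp"), b64url_decode(s64)
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm; never let the token choose it (rejects "none" and HS512).
    if alg != "RS512":
        raise ValueError("unexpected alg")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    expected = emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k)
    if len(sig) != k or s >= n or not hmac.compare_digest(
            pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    # Assumption: tokens carry the standard "exp" claim (seconds since the epoch).
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims

# Constructed demo key and signer (two Mersenne primes): offline use only, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def demo_sign(claims):
    body = ".".join(b64url_encode(json.dumps(o).encode())
                    for o in ({"alg": "RS512", "typ": "JWT"}, claims))
    k = (N.bit_length() + 7) // 8
    s = pow(int.from_bytes(emsa_pkcs1_v15(body.encode(), k), "big"), D, N)
    return body + "." + b64url_encode(s.to_bytes(k, "big"))
```

In production, a maintained JWT library with its accepted algorithm list fixed to RS512 performs the same checks; the hand-written version here is only to make each step visible.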