SSO Login
admin.auth.session.sso.login
The SSO login API call is the second step in the SSO-based authentication process. Make this call once the SSO login screen is complete and a callback is made to the front-end application.
Endpoint
POST v1/admin/auth/sso/login
HTTP Headers
| Header | Value |
|---|---|
| Authorization | Bearer api_key. |
Request Body
{
"state": "cvbhQlA5FNxRekOw",
"nonce": "hjkll1p5Fsd9Khrh",
"email": "enterprisecbs@indee.tv",
"code": "r0wE1b1h0JynIcxhYAINFlsjsjdXpJ9WOGBUGKujdsk",
"error": false,
"error_description": {}
}
| Parameter | Type | Description | Optional/Required |
|---|---|---|---|
| state | String | A random string generated by the SSO provider during the initiation step. This value is returned by our backend in the SSO initiation response. It is later included in the redirect URL after the user completes login via the SSO provider. The client must securely store the original state (e.g., in session or memory), validate that it matches the one received in the redirect, and send it in the final SSO login API request to confirm session integrity and prevent CSRF attacks. | Required |
| nonce | String | A unique, cryptographically secure string generated by the SSO provider during the initiation step. This value is returned by our backend in the SSO initiation response and must be securely stored by the client (e.g., in session or memory). After the user completes login with the SSO provider, the client must include the same nonce value in the final SSO login API request to the backend. This ensures that the ID token is tied to the original session and helps prevent replay attacks. | Required |
| email | String | Email ID of the user. | Required |
| code | String | A temporary authorization code issued by the identity provider (e.g., Auth0, Okta) after the user successfully completes login. This code is included in the redirect URL and must be extracted by the client and sent to the backend in the SSO login API request. The backend exchanges this code for tokens (e.g., access token, ID token) as part of the OAuth 2.0 authorization code flow. | Required |
| error | Boolean | Error code returned by the SSO provider. | Required |
| error_description | String | Error description returned by the SSO provider. | Optional |
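The client-side handling described for `state`, `nonce` and `code`, shown as an added example that is not Indee's own code. The names `buildSsoLoginBody`, `safeEqual`, the `pending` store and the callback URL are hypothetical, and the example assumes the provider uses the standard OAuth 2.0 redirect parameters `code`, `state`, `error` and `error_description`.

```javascript
// Added example; function names, the "sso" key and the URL are hypothetical.

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// pending: a Map whose "sso" entry holds { state, nonce, email } saved when
// the SSO initiation response was received.
function buildSsoLoginBody(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  const expected = pending.get("sso");
  // Single use: drop the stored values so a replayed callback cannot match.
  pending.delete("sso");
  if (!expected) throw new Error("no SSO login in progress");

  // Check state before trusting anything else in the redirect.
  if (!safeEqual(params.get("state"), expected.state)) {
    throw new Error("state mismatch");
  }
  // Assumption: provider failures arrive as OAuth 2.0 error parameters.
  if (params.has("error")) {
    const detail = params.get("error_description") || params.get("error");
    throw new Error("provider error: " + detail);
  }
  const code = params.get("code");
  if (!code) throw new Error("missing authorization code");

  // state and nonce come from storage, never from the redirect itself.
  return {
    state: expected.state,
    nonce: expected.nonce,
    email: expected.email,
    code: code,
    error: false,
  };
}

// Constructed sample input, reusing the values from the request body above.
const SAMPLE_PENDING = { state: "cvbhQlA5FNxRekOw", nonce: "hjkll1p5Fsd9Khrh",
  email: "enterprisecbs@indee.tv" };
const SAMPLE_CALLBACK = "https://app.example.test/sso/callback" +
  "?code=r0wE1b1h0JynIcxhYAINFlsjsjdXpJ9WOGBUGKujdsk&state=cvbhQlA5FNxRekOw";
```

The returned object is the JSON body for `POST v1/admin/auth/sso/login`.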
Response Body
{
"status_code": "A0000",
"status_message": "success",
"token": <str>, #JWT
"refresh_token": <str> #JWT
}
| Field | Type | Description |
|---|---|---|
| status_code | String | Status code provided by Indee. |
| status_message | String | Message body of the status code. |
| token | String | The auth token in OAuth 2.0 nomenclature. |
| refresh_token | String | The refresh token represents its namesake as defined in OAuth 2.0. |
Error Codes
Indee provides a comprehensive list of Error Codes. To know more, see Common Error and Success Codes.