C#
Copy
Ask AI
// POST /v1/b2b/sessions/exchange_access_token
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
});
const params = {
access_token: "${sessionJwt}",
};
client.Sessions.ExchangeAccessToken(params)
.then(resp => { console.log(resp) })
.catch(err => { console.log(err) });Copy
Ask AI
{
"request_id": "<string>",
"member_id": "<string>",
"session_token": "<string>",
"session_jwt": "<string>",
"member": {
"organization_id": "<string>",
"member_id": "<string>",
"email_address": "<string>",
"status": "<string>",
"name": "<string>",
"sso_registrations": [
{
"connection_id": "<string>",
"external_id": "<string>",
"registration_id": "<string>",
"sso_attributes": {}
}
],
"is_breakglass": true,
"member_password_id": "<string>",
"oauth_registrations": [
{
"provider_type": "<string>",
"provider_subject": "<string>",
"member_oauth_registration_id": "<string>",
"profile_picture_url": "<string>",
"locale": "<string>"
}
],
"email_address_verified": true,
"mfa_phone_number_verified": true,
"is_admin": true,
"totp_registration_id": "<string>",
"retired_email_addresses": [
{
"email_id": "<string>",
"email_address": "<string>"
}
],
"is_locked": true,
"mfa_enrolled": true,
"mfa_phone_number": "<string>",
"default_mfa_method": "<string>",
"roles": [
{
"role_id": "<string>",
"sources": [
{
"type": "<string>",
"details": {}
}
]
}
],
"trusted_metadata": {},
"untrusted_metadata": {},
"created_at": "<string>",
"updated_at": "<string>",
"scim_registration": {
"connection_id": "<string>",
"registration_id": "<string>",
"external_id": "<string>",
"scim_attributes": {
"user_name": "<string>",
"id": "<string>",
"external_id": "<string>",
"active": true,
"groups": [
{
"value": "<string>",
"display": "<string>"
}
],
"display_name": "<string>",
"nick_name": "<string>",
"profile_url": "<string>",
"user_type": "<string>",
"title": "<string>",
"preferred_language": "<string>",
"locale": "<string>",
"timezone": "<string>",
"emails": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"phone_numbers": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"addresses": [
{
"formatted": "<string>",
"street_address": "<string>",
"locality": "<string>",
"region": "<string>",
"postal_code": "<string>",
"country": "<string>",
"type": "<string>",
"primary": true
}
],
"ims": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"photos": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"entitlements": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"roles": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"x509certificates": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"name": {
"formatted": "<string>",
"family_name": "<string>",
"given_name": "<string>",
"middle_name": "<string>",
"honorific_prefix": "<string>",
"honorific_suffix": "<string>"
},
"enterprise_extension": {
"employee_number": "<string>",
"cost_center": "<string>",
"division": "<string>",
"department": "<string>",
"organization": "<string>",
"manager": {
"value": "<string>",
"ref": "<string>",
"display_name": "<string>"
}
}
}
},
"external_id": "<string>",
"lock_created_at": "<string>",
"lock_expires_at": "<string>"
},
"organization": {
"organization_id": "<string>",
"organization_name": "<string>",
"organization_logo_url": "<string>",
"organization_slug": "<string>",
"sso_jit_provisioning": "<string>",
"sso_jit_provisioning_allowed_connections": [
"<string>"
],
"sso_active_connections": [
{
"connection_id": "<string>",
"display_name": "<string>",
"identity_provider": "<string>"
}
],
"email_allowed_domains": [
"<string>"
],
"email_jit_provisioning": "<string>",
"email_invites": "<string>",
"auth_methods": "<string>",
"allowed_auth_methods": [
"<string>"
],
"mfa_policy": "<string>",
"rbac_email_implicit_role_assignments": [
{
"domain": "<string>",
"role_id": "<string>"
}
],
"mfa_methods": "<string>",
"allowed_mfa_methods": [
"<string>"
],
"oauth_tenant_jit_provisioning": "<string>",
"claimed_email_domains": [
"<string>"
],
"first_party_connected_apps_allowed_type": "<string>",
"allowed_first_party_connected_apps": [
"<string>"
],
"third_party_connected_apps_allowed_type": "<string>",
"allowed_third_party_connected_apps": [
"<string>"
],
"custom_roles": [
{
"role_id": "<string>",
"description": "<string>",
"permissions": [
{
"resource_id": "<string>",
"actions": [
"<string>"
]
}
]
}
],
"trusted_metadata": {},
"created_at": "<string>",
"updated_at": "<string>",
"organization_external_id": "<string>",
"sso_default_connection_id": "<string>",
"scim_active_connection": {
"connection_id": "<string>",
"display_name": "<string>",
"bearer_token_last_four": "<string>",
"bearer_token_expires_at": "<string>"
},
"allowed_oauth_tenants": {}
},
"status_code": 123,
"member_session": {
"member_session_id": "<string>",
"member_id": "<string>",
"started_at": "<string>",
"last_accessed_at": "<string>",
"expires_at": "<string>",
"authentication_factors": [
{
"type": "magic_link",
"delivery_method": "email",
"last_authenticated_at": "<string>",
"created_at": "<string>",
"updated_at": "<string>",
"email_factor": {
"email_id": "<string>",
"email_address": "<string>"
},
"phone_number_factor": {
"phone_id": "<string>",
"phone_number": "<string>"
},
"google_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"microsoft_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"apple_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"webauthn_factor": {
"webauthn_registration_id": "<string>",
"domain": "<string>",
"user_agent": "<string>"
},
"authenticator_app_factor": {
"totp_id": "<string>"
},
"github_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"recovery_code_factor": {
"totp_recovery_code_id": "<string>"
},
"facebook_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"crypto_wallet_factor": {
"crypto_wallet_id": "<string>",
"crypto_wallet_address": "<string>",
"crypto_wallet_type": "<string>"
},
"amazon_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"bitbucket_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"coinbase_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"discord_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"figma_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"git_lab_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"instagram_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"linked_in_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"shopify_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"slack_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"snapchat_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"spotify_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"steam_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"tik_tok_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"twitch_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"twitter_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"embeddable_magic_link_factor": {
"embedded_id": "<string>"
},
"biometric_factor": {
"biometric_registration_id": "<string>"
},
"saml_sso_factor": {
"id": "<string>",
"provider_id": "<string>",
"external_id": "<string>"
},
"oidc_sso_factor": {
"id": "<string>",
"provider_id": "<string>",
"external_id": "<string>"
},
"salesforce_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"yahoo_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"hubspot_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"slack_oauth_exchange_factor": {
"email_id": "<string>"
},
"hubspot_oauth_exchange_factor": {
"email_id": "<string>"
},
"github_oauth_exchange_factor": {
"email_id": "<string>"
},
"google_oauth_exchange_factor": {
"email_id": "<string>"
},
"impersonated_factor": {
"impersonator_id": "<string>",
"impersonator_email_address": "<string>"
},
"oauth_access_token_exchange_factor": {
"client_id": "<string>"
},
"trusted_auth_token_factor": {
"token_id": "<string>"
}
}
],
"organization_id": "<string>",
"roles": [
"<string>"
],
"organization_slug": "<string>",
"custom_claims": {}
},
"member_device": {
"visitor_id": "<string>",
"visitor_id_details": {
"is_new": true,
"first_seen_at": "<string>",
"last_seen_at": "<string>"
},
"ip_address": "<string>",
"ip_address_details": {
"is_new": true,
"first_seen_at": "<string>",
"last_seen_at": "<string>"
},
"ip_geo_city": "<string>",
"ip_geo_region": "<string>",
"ip_geo_country": "<string>",
"ip_geo_country_details": {
"is_new": true,
"first_seen_at": "<string>",
"last_seen_at": "<string>"
}
}
}Sessions
Exchange Connected Apps Access Token
Exchange an access token issued by a trusted identity provider for a Stytch session
POST
/
v1
/
b2b
/
sessions
/
exchange_access_token
C#
Copy
Ask AI
// POST /v1/b2b/sessions/exchange_access_token
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
});
const params = {
access_token: "${sessionJwt}",
};
client.Sessions.ExchangeAccessToken(params)
.then(resp => { console.log(resp) })
.catch(err => { console.log(err) });Copy
Ask AI
{
"request_id": "<string>",
"member_id": "<string>",
"session_token": "<string>",
"session_jwt": "<string>",
"member": {
"organization_id": "<string>",
"member_id": "<string>",
"email_address": "<string>",
"status": "<string>",
"name": "<string>",
"sso_registrations": [
{
"connection_id": "<string>",
"external_id": "<string>",
"registration_id": "<string>",
"sso_attributes": {}
}
],
"is_breakglass": true,
"member_password_id": "<string>",
"oauth_registrations": [
{
"provider_type": "<string>",
"provider_subject": "<string>",
"member_oauth_registration_id": "<string>",
"profile_picture_url": "<string>",
"locale": "<string>"
}
],
"email_address_verified": true,
"mfa_phone_number_verified": true,
"is_admin": true,
"totp_registration_id": "<string>",
"retired_email_addresses": [
{
"email_id": "<string>",
"email_address": "<string>"
}
],
"is_locked": true,
"mfa_enrolled": true,
"mfa_phone_number": "<string>",
"default_mfa_method": "<string>",
"roles": [
{
"role_id": "<string>",
"sources": [
{
"type": "<string>",
"details": {}
}
]
}
],
"trusted_metadata": {},
"untrusted_metadata": {},
"created_at": "<string>",
"updated_at": "<string>",
"scim_registration": {
"connection_id": "<string>",
"registration_id": "<string>",
"external_id": "<string>",
"scim_attributes": {
"user_name": "<string>",
"id": "<string>",
"external_id": "<string>",
"active": true,
"groups": [
{
"value": "<string>",
"display": "<string>"
}
],
"display_name": "<string>",
"nick_name": "<string>",
"profile_url": "<string>",
"user_type": "<string>",
"title": "<string>",
"preferred_language": "<string>",
"locale": "<string>",
"timezone": "<string>",
"emails": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"phone_numbers": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"addresses": [
{
"formatted": "<string>",
"street_address": "<string>",
"locality": "<string>",
"region": "<string>",
"postal_code": "<string>",
"country": "<string>",
"type": "<string>",
"primary": true
}
],
"ims": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"photos": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"entitlements": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"roles": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"x509certificates": [
{
"value": "<string>",
"type": "<string>",
"primary": true
}
],
"name": {
"formatted": "<string>",
"family_name": "<string>",
"given_name": "<string>",
"middle_name": "<string>",
"honorific_prefix": "<string>",
"honorific_suffix": "<string>"
},
"enterprise_extension": {
"employee_number": "<string>",
"cost_center": "<string>",
"division": "<string>",
"department": "<string>",
"organization": "<string>",
"manager": {
"value": "<string>",
"ref": "<string>",
"display_name": "<string>"
}
}
}
},
"external_id": "<string>",
"lock_created_at": "<string>",
"lock_expires_at": "<string>"
},
"organization": {
"organization_id": "<string>",
"organization_name": "<string>",
"organization_logo_url": "<string>",
"organization_slug": "<string>",
"sso_jit_provisioning": "<string>",
"sso_jit_provisioning_allowed_connections": [
"<string>"
],
"sso_active_connections": [
{
"connection_id": "<string>",
"display_name": "<string>",
"identity_provider": "<string>"
}
],
"email_allowed_domains": [
"<string>"
],
"email_jit_provisioning": "<string>",
"email_invites": "<string>",
"auth_methods": "<string>",
"allowed_auth_methods": [
"<string>"
],
"mfa_policy": "<string>",
"rbac_email_implicit_role_assignments": [
{
"domain": "<string>",
"role_id": "<string>"
}
],
"mfa_methods": "<string>",
"allowed_mfa_methods": [
"<string>"
],
"oauth_tenant_jit_provisioning": "<string>",
"claimed_email_domains": [
"<string>"
],
"first_party_connected_apps_allowed_type": "<string>",
"allowed_first_party_connected_apps": [
"<string>"
],
"third_party_connected_apps_allowed_type": "<string>",
"allowed_third_party_connected_apps": [
"<string>"
],
"custom_roles": [
{
"role_id": "<string>",
"description": "<string>",
"permissions": [
{
"resource_id": "<string>",
"actions": [
"<string>"
]
}
]
}
],
"trusted_metadata": {},
"created_at": "<string>",
"updated_at": "<string>",
"organization_external_id": "<string>",
"sso_default_connection_id": "<string>",
"scim_active_connection": {
"connection_id": "<string>",
"display_name": "<string>",
"bearer_token_last_four": "<string>",
"bearer_token_expires_at": "<string>"
},
"allowed_oauth_tenants": {}
},
"status_code": 123,
"member_session": {
"member_session_id": "<string>",
"member_id": "<string>",
"started_at": "<string>",
"last_accessed_at": "<string>",
"expires_at": "<string>",
"authentication_factors": [
{
"type": "magic_link",
"delivery_method": "email",
"last_authenticated_at": "<string>",
"created_at": "<string>",
"updated_at": "<string>",
"email_factor": {
"email_id": "<string>",
"email_address": "<string>"
},
"phone_number_factor": {
"phone_id": "<string>",
"phone_number": "<string>"
},
"google_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"microsoft_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"apple_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"webauthn_factor": {
"webauthn_registration_id": "<string>",
"domain": "<string>",
"user_agent": "<string>"
},
"authenticator_app_factor": {
"totp_id": "<string>"
},
"github_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"recovery_code_factor": {
"totp_recovery_code_id": "<string>"
},
"facebook_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"crypto_wallet_factor": {
"crypto_wallet_id": "<string>",
"crypto_wallet_address": "<string>",
"crypto_wallet_type": "<string>"
},
"amazon_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"bitbucket_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"coinbase_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"discord_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"figma_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"git_lab_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"instagram_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"linked_in_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"shopify_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"slack_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"snapchat_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"spotify_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"steam_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"tik_tok_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"twitch_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"twitter_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"embeddable_magic_link_factor": {
"embedded_id": "<string>"
},
"biometric_factor": {
"biometric_registration_id": "<string>"
},
"saml_sso_factor": {
"id": "<string>",
"provider_id": "<string>",
"external_id": "<string>"
},
"oidc_sso_factor": {
"id": "<string>",
"provider_id": "<string>",
"external_id": "<string>"
},
"salesforce_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"yahoo_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"hubspot_oauth_factor": {
"id": "<string>",
"provider_subject": "<string>",
"email_id": "<string>"
},
"slack_oauth_exchange_factor": {
"email_id": "<string>"
},
"hubspot_oauth_exchange_factor": {
"email_id": "<string>"
},
"github_oauth_exchange_factor": {
"email_id": "<string>"
},
"google_oauth_exchange_factor": {
"email_id": "<string>"
},
"impersonated_factor": {
"impersonator_id": "<string>",
"impersonator_email_address": "<string>"
},
"oauth_access_token_exchange_factor": {
"client_id": "<string>"
},
"trusted_auth_token_factor": {
"token_id": "<string>"
}
}
],
"organization_id": "<string>",
"roles": [
"<string>"
],
"organization_slug": "<string>",
"custom_claims": {}
},
"member_device": {
"visitor_id": "<string>",
"visitor_id_details": {
"is_new": true,
"first_seen_at": "<string>",
"last_seen_at": "<string>"
},
"ip_address": "<string>",
"ip_address_details": {
"is_new": true,
"first_seen_at": "<string>",
"last_seen_at": "<string>"
},
"ip_geo_city": "<string>",
"ip_geo_region": "<string>",
"ip_geo_country": "<string>",
"ip_geo_country_details": {
"is_new": true,
"first_seen_at": "<string>",
"last_seen_at": "<string>"
}
}
}Use this endpoint to exchange a Connected Apps Access Token back into a Member Session for the underlying . This session can then be used with the Stytch SDKs and APIs.
The Access Token must contain the
full_access scope (only available to First Party clients) and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.
The Member Session returned will be the same Member Session that was active in your application (the authorizing party) during the initial authorization flow.
Because the Member previously completed MFA and satisfied all Organization authentication requirements at the time of the original Access Token issuance, this endpoint will never return an intermediate_session_token or require MFA.Authorizations
Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.
Body
application/json
Request type
The access token to exchange for a Stytch Session. Must be granted the full_access scope.
Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,
returning both an opaque session_token and session_jwt for this session. Remember that the session_jwt will have a fixed lifetime of
five minutes regardless of the underlying session duration, and will need to be refreshed over time.
This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).
If a session_token or session_jwt is provided then a successful authentication will continue to extend the session this many minutes.
If the session_duration_minutes parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want
to use the Stytch session product, you can ignore the session fields in the response.
Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in
session_duration_minutes. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To
delete a key, supply a null value. Custom claims made with reserved claims (iss, sub, aud, exp, nbf, iat, jti) will be ignored.
Total custom claims size cannot exceed four kilobytes.
If the telemetry_id is passed, as part of this request, Stytch will call the Fingerprint Lookup API and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
Response
Successful response
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
Globally unique UUID that identifies a specific Member.
A secret token for a given Stytch Session.
The JSON Web Token (JWT) for a given Stytch Session.
The Member object
Show child attributes
Show child attributes
The Organization object.
Show child attributes
Show child attributes
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
The Session object.
Show child attributes
Show child attributes
If a valid telemetry_id was passed in the request and the Fingerprint Lookup API returned results, the member_device response field will contain information about the member's device attributes.
Show child attributes
Show child attributes
⌘I