Connected App Access Token Exchange

Exchange Access Token

POST

https://test.stytch.com/v1/sessions/exchange_access_token

Use this endpoint to exchange a Connected Apps Access Token back into a Stytch Session for the underlying User. This session can be used with the Stytch SDKs and APIs.

The Access Token must contain the full_access scope and must not be more than 5 minutes old. Access Tokens may only be exchanged a single time.

Body parameters

access_token* string

session_duration_minutes int

session_custom_claims map<string, any>

Response fields

request_id string

status_code int

user_id string

session_token string

session_jwt string

session object

user object

const stytch = require('stytch');

const client = new stytch.Client({
  project_id: 'PROJECT_ID',
  secret: 'SECRET',
});

const params = {
  access_token: "eyJ...",
};

client.sessions.exchangeAccessToken(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

RESPONSE

{
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"status_code": 200,
	"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
	"session_jwt": "example_jwt",
	"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
	"session": {...},
	"user": {...}
}

Delete

Via email

Embeddable

Start

Reset options

Via SMS

Via Whatsapp

Via email

Register

Authenticate

Token

M2M Client

Rotate secret

Tokens

Configuration

Methods

Exchange Access Token

Body parameters

Response fields