Login API


BaseUrl
https://login.taskcluster.net/v1

The Login service serves as the interface between external authentication systems and Taskcluster credentials.

Functions

Using the APIs
SignatureSummary
ping() : voidPing Server
oidcCredentials(provider) : resultGet Taskcluster credentials given a suitable `access_token`

Ping Server

Method
get
Route
/ping
Signature
ping() : void
Stability
stable

Respond without doing anything. This endpoint is used to check that the service is up.



Get Taskcluster credentials given a suitable access_token

(experimental)

Method
get
Route
/oidc-credentials/<provider>
Signature
oidcCredentials(provider) : result
Stability
experimental

Given an OIDC access_token from a trusted OpenID provider, return a set of Taskcluster credentials for use on behalf of the identified user.

This method is typically not called with a Taskcluster client library and does not accept Hawk credentials. The access_token should be given in an Authorization header:

Authorization: Bearer abc.xyz

The access_token is first verified against the named :provider, then passed to the provider's APIBuilder to retrieve a user profile. That profile is then used to generate Taskcluster credentials appropriate to the user. Note that the resulting credentials may or may not include a certificate property. Callers should be prepared for either alternative.

The given credentials will expire in a relatively short time. Callers should monitor this expiration and refresh the credentials if necessary, by calling this endpoint again, if they have expired.

Response

Credentials Response (source)

A response containing credentials corresponding to a supplied OIDC access_token.

expiresstringdate-time

Time after which the credentials are no longer valid. Callers should call oidcCredentials again to get fresh credentials before this time.

credentialsObject of

Taskcluster credentials. Note that the credentials may not contain a certificate!

clientIdstring^[A-Za-z0-9!@/:.+|_-]+$
accessTokenstring^[a-zA-Z0-9_-]{22,66}$
certificatestring