The Login service serves as the interface between external authentication systems and Taskcluster credentials.
FunctionsUsing the APIs
|Get Taskcluster credentials given a suitable `access_token`|
ping() : void
Respond without doing anything. This endpoint is used to check that the service is up.
Get Taskcluster credentials given a suitable
oidcCredentials(provider) : result
Given an OIDC
access_token from a trusted OpenID provider, return a
set of Taskcluster credentials for use on behalf of the identified
This method is typically not called with a Taskcluster client library
and does not accept Hawk credentials. The
access_token should be
given in an
Authorization: Bearer abc.xyz
access_token is first verified against the named
:provider, then passed to the provider's APIBuilder to retrieve a user
profile. That profile is then used to generate Taskcluster credentials
appropriate to the user. Note that the resulting credentials may or may
not include a
certificate property. Callers should be prepared for either
The given credentials will expire in a relatively short time. Callers should monitor this expiration and refresh the credentials if necessary, by calling this endpoint again, if they have expired.
Credentials Response (source)
A response containing credentials corresponding to a supplied OIDC
Time after which the credentials are no longer valid. Callers should
Taskcluster credentials. Note that the credentials may not contain a certificate!