Login API
- BaseUrl
https://login.taskcluster.net/v1
The Login service serves as the interface between external authentication systems and Taskcluster credentials.
Functions
Using the APIs| Signature | Summary |
|---|---|
oidcCredentials(provider) : result | Get Taskcluster credentials given a suitable `access_token` |
ping() : void | Ping Server |
Get Taskcluster credentials given a suitable access_token
- Method
- get
- Route
/oidc-credentials/<provider>- Signature
oidcCredentials(provider) : result- Stability
experimental
Given an OIDC access_token from a trusted OpenID provider, return a
set of Taskcluster credentials for use on behalf of the identified
user.
This method is typically not called with a Taskcluster client library
and does not accept Hawk credentials. The access_token should be
given in an Authorization header:
Authorization: Bearer abc.xyz
The access_token is first verified against the named
:provider, then passed to the provider's API to retrieve a user
profile. That profile is then used to generate Taskcluster credentials
appropriate to the user. Note that the resulting credentials may or may
not include a certificate property. Callers should be prepared for either
alternative.
The given credentials will expire in a relatively short time. Callers should monitor this expiration and refresh the credentials if necessary, by calling this endpoint again, if they have expired.
Response
Credentials Response (source)
A response containing credentials corresponding to a supplied OIDC access_token.
| expires | string | date-time | Time after which the credentials are no longer valid. Callers should
call | ||||||||||||
| credentials | Object of | Taskcluster credentials. Note that the credentials may not contain a certificate! | |||||||||||||
| |||||||||||||||
Ping Server
- Method
- get
- Route
/ping- Signature
ping() : void- Stability
stable
Respond without doing anything. This endpoint is used to check that the service is up.