Employee Identity (EIAM)
Session Token to ID Token Exchange API
API
Calling this API will refresh the id_token. If automatic refresh of the session_token is configured in the console, this API will also refresh the session_token.
# Request Specification
Request URL https://{your_domain}/api/v2/sdk/sso/session-token/id-token
Request Method POST
Content-Type application/json
# Request Header Parameters
| Parameter | Chinese Name | Required | Type | Example |
|---|---|---|---|---|
| X-operating-sys-version | Caller OS Version | Yes | String | windows10.1.1 |
| X-device-fingerprint | Caller Device Fingerprint | Yes | String | 156aysdna213sc50 |
| X-device-ip | Caller IP | No | String | 192.168.1.2 |
| X-agent | User-Agent Information | Yes | String | Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) AppleWebKit/605.1.15(KHTML, like Gecko) Mobile/15E148/HuaWei-AnyOffice/2.6.1802.0010/com.huawei.cloudlink.workplace |
| X-L | For Internationalization Language Setting | No | String | zh |
| X-client-id | Application Authorization ID | Yes | String | nTo1eRIub60vPb54WeE6aojPwYwImtl4 |
| X-session-token | Session Token | Yes | String | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWJqZWN |
# Request Parameters
None
# Response Example
Success Example:
HTTP/1.1 200 OK
Content-Type: application/json
{
"session_token":"nRUxqRE5TSlQwd3NBIiwiaW",
"expire": 604800,
"id_token": "eyJraWQiOiI0NjJhYjY0OTM0Zjk0ZTRmOGE4MjU2Mzc4YzgyMTVlMiIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwczovL21oLmlkYWFzLXRlc3QtYWxwaGEuYmNjYXN0bGUuY29tL2FwaS92MS9vYXV0aDIiLCJhdWQiOiJwT0p1YVhHSmRqNFZzTzZmaVFRaUpia3JxSXFIMTZqNiIsInN1YiI6ImFkbWluIiwiZXhwIjoxNjQ2ODgzNzc5LCJqdGkiOiJaa1hnZ3FCZzZnRUxqRE5TSlQwd3NBIiwiaWF0IjoxNjQ2ODc2NTc5LCJuYmYiOjE2NDY4NzY0NTksImlkIjoiMjAyMjAxMjYxNDE1MDc5MjAtQzlCNy0xMjRGMzVCNEQiLCJuYW1lIjoiYWRtaW4xMSIsInVzZXJOYW1lIjoiYWRtaW4iLCJtb2JpbGUiOiIrODYtMTgyNzE5NDkwNTUiLCJlbWFpbCI6ImFhc2RAcXEuY29tIn0.Jz3pZhvpVQDKXyPaeDYar4jKNi9m3liXqgM4qHb8pWVbi0D8OpgYFYCX-LzSqEfU6ex_ix9_nctHXsPt-4wdhX75eMrQXZFCO4mwGpsdKQBAqSkKJ6Vv53j_Ptr6Lu87dVDPX9SqL3yv3KpNP6hfn74ShQVE23BXfm12-KAY8otJUdeL2OS3v0N7xdjgaYeIAXf7LhrMEo1tNCRCY8uuCKjC280yIKtrRSC86oB5hEW-QFTjtt938TV4cpb1x6zO99SSwR_SnJE1w069wHREjAhMw4Q2uo7CXqPojn5oUrIvlE8GuXwoYFFQand4IgNPMk-EnPT4NLVJ8oEoRsydhg"
}
Error Example:
HTTP/1.1 400 Bad Request
{
"error_code": "SDK.COMMON.1001",
"error_msg": "Parameter X-client-id cannot be empty"
}
HTTP/1.1 400 Bad Request
{
"error_code": "SDK.COMMON.1006",
"error_msg": "session_token parameter error"
}
HTTP/1.1 400 Bad Request
{
"error_code": "SDK.COMMON.1005",
"error_msg":"LgTZcmcTAJZnqylkzlTjubV24iI8a1jF1 has expired"
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Response Parameters
| Parameter Name | Chinese Name | Type | Description |
|---|---|---|---|
| expire | session_token validity period | Number | Session_token validity period, id_token can be obtained using the session_token within this period. |
| session_token | User session_token | String | User session_token, this token can be used to call IDaas interfaces to obtain id_token. |
| id_token | Short-term valid, interface call credential | String | This field is a JWT, containing user information and application scope information, needs to be verified and decoded to obtain. Default validity is 2 hours, configurable. |
I am ready. Please provide the Markdown content to translate.