
Generate Authentication Code



POST /api/v1/offline_token/temporary_auth_code/create

Overview

Generate a one-time authentication code.

Body Request Parameters

| Parameter Name | Type | Required | Description |
|---|---|---|---|
| roles | array | | List of role UUIDs. Example: ['readOnly']. Allow empty: False |
| roles[*] | string | Y | Role identifier. Allow empty: False |
| expires | integer | Y | Token expiration time (in seconds). Example: 3600. Allow empty: False. $maxValue: 604800. $minValue: 1 |

Parameter Supplementary Notes

Usage Instructions


This interface does not directly return a token, but only returns a one-time authCode. It is suitable for scenarios where authentication credentials need to be passed to the frontend via page parameters, but you do not want to expose the real token directly.

  1. Construct the direct login authentication intermediate page address /redirect_auth/{authCode}?overwrite=true&to=xxx; the intermediate page will exchange the authCode for a real token.
  2. The parameter overwrite=true indicates overwriting the currently logged-in token. It can be omitted, which is the default and means a temporary token.
  3. The parameter to=xxx indicates the page address (relative address) to jump to.
  4. After a successful exchange, the authCode will become invalid immediately; if no further use is needed, you can actively invalidate it by calling POST /offline_token/temporary_auth_code/revoke.

Precautions


  1. authCode can only be used successfully once.
  2. authCode will automatically expire after the time specified by expiresIn.
  3. The frontend should use authCode to exchange for a real token, and should not use authCode directly as a token.
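
An added example (not part of the original documentation or the product's own code) that builds the create request within the documented limits and the /redirect_auth URL from the usage steps, refusing a `to` value that is not a relative address. The function names and the authCode value are hypothetical placeholders, and omitting `roles` when it is None is an assumption based on the blank Required column.

```python
import json
from urllib.parse import quote, urlencode, urlsplit

CREATE_PATH = "/api/v1/offline_token/temporary_auth_code/create"
MIN_EXPIRES, MAX_EXPIRES = 1, 604800  # $minValue / $maxValue from the table


def build_create_request(expires, roles=None):
    """Validate against the documented constraints; return (method, path, JSON body)."""
    if isinstance(expires, bool) or not isinstance(expires, int):
        raise ValueError("expires must be an integer number of seconds")
    if not MIN_EXPIRES <= expires <= MAX_EXPIRES:
        raise ValueError("expires must be between 1 and 604800")
    body = {"expires": expires}
    if roles is not None:  # assumption: roles may be omitted, but never sent empty
        if not isinstance(roles, list) or not roles:
            raise ValueError("roles must be a non-empty list")
        if any(not isinstance(r, str) or not r for r in roles):
            raise ValueError("each role must be a non-empty string")
        body["roles"] = roles
    return "POST", CREATE_PATH, json.dumps(body)


def build_redirect_url(auth_code, to, overwrite=False):
    """Build /redirect_auth/{authCode}?overwrite=true&to=... for a relative target."""
    if not auth_code:
        raise ValueError("auth_code is empty")
    # 'to' is documented as a relative address: refuse anything that could
    # leave the site (scheme, host, protocol-relative //, backslash or
    # control-character forms that browsers normalise into one of those).
    parts = urlsplit(to)
    if (parts.scheme or parts.netloc or not to.startswith("/")
            or to.startswith("//") or "\\" in to
            or any(ord(c) < 0x20 for c in to)):
        raise ValueError("to must be a site-relative path")
    query = {"to": to}
    if overwrite:  # omitted by default, which means a temporary token
        query = {"overwrite": "true", "to": to}
    # The authCode is percent-encoded so it cannot add path segments or a query.
    return "/redirect_auth/" + quote(auth_code, safe="") + "?" + urlencode(query)


if __name__ == "__main__":
    print(build_create_request(3600, ["readOnly"]))
    # Constructed placeholder; the real authCode comes from the API response.
    print(build_redirect_url("EXAMPLE_AUTH_CODE", "/dashboard?tab=1", overwrite=True))
```

Because the authCode travels in a URL, keeping `expires` as short as the flow allows limits how long a copy left in browser history or logs stays usable.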

Response