Auth Module

SDK authentication methods including hosted auth context.

Updated May 10, 2026 Edit this page

Auth Module

The sso.auth module covers URL construction, hosted auth metadata, login flows, MFA completion, password recovery, and device authorization.

Key methods

sso.auth.getLoginUrl(provider, params)

Builds the end-user OAuth login URL.

Use org, service, and redirect_uri for tenant-scoped hosted auth.

sso.auth.getAdminLoginUrl(provider, params?)

Builds the admin OAuth login URL for platform and organization operators.

sso.auth.getContext(params?)

Fetches public hosted-auth metadata before a user starts login.

const context = await sso.auth.getContext({
  org: 'acme-corp',
  service: 'main-app',
  redirect_uri: 'https://app.acme.com/callback',
});

Returns:

  • public organization branding and status
  • public service metadata
  • available providers
  • enabled auth methods
  • redirect URI validation state when supplied

sso.auth.login(payload)

Password login. When MFA is required, the call returns a short-lived pre-auth token and the final session is completed with verifyMfa(...).

sso.auth.register(payload)

Registers a new user. Include org_slug and service_slug when the identity should be attributed to a tenant service.

sso.auth.requestPasswordReset(payload) and resetPassword(payload)

Start and finish the password reset flow.

sso.auth.logout()

Revokes the session and clears stored tokens.

sso.auth.deviceCode.request(...), verify(...), exchangeToken(...)

Implements RFC 8628 device flow for CLIs and headless clients.