
SSO Token API

This API fetches the user access token assigned by the SSO provider.

GET https://{{host}}/api/public/users/{{userId}}/ssotoken?email={{email}}

Notes:

  • This is applicable to O365 or Google SSO users only.
  • As this is sensitive information, it requires consent from the user’s enterprise admin to share this token (see here for details).

Using this SSO Token, skill developers can access O365 & Google APIs within the following scopes:

  • User Profile
  • Calendar Read/Write
  • User contacts
  • Read Emails (O365 only)
  • Files (O365 only)

Path Parameters

Parameter   Description
host        Environment URL, for example, https://kora.kore.ai
userId      ID of the user making the request

Query Parameters

Parameter   Description
email       Email ID of the person whose SSO token is requested

Authorization

Invoke the API with JWT in the header with the following syntax:

auth: {JWT}

Or pass the userToken directly in the request header as follows:

"token": "<userToken>"

(See here for details)

Response content type

application/json

Sample Request

# Quote the URL so the shell does not interpret "?" or the <...> placeholder
curl -X GET \
  'https://kora.kore.ai/api/public/users/<u-user-uuid>/ssotoken?email=user@example.com' \
  -H 'auth: YOUR_JWT_ACCESS_TOKEN'

Sample Response

Success Response

{
  "emailId": "user@example.com",
  "accessToken": "eyJ0eXAiOiJKV1QiLCJub25jZSI6InVhY05Daaaaaaa_w",
  "SSOProvider": "AzureAD", // or google
  "expireAt": 1602221900272 // token is valid till this unix time
}

Error Response when consent is not provided

{
    "errors": [
        {
            "msg": "Disabled by Admin",
            "code": 403
        }
    ]
}
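
The following is an added example, not code from the API's vendor: a client-side handler for the two response shapes shown above that keeps the access token out of logs, rejects a token returned for a different user, and surfaces the missing-consent 403 as a distinct error. The names `SsoToken`, `ConsentDisabled`, `build_url` and `parse_sso_response` are hypothetical, and it assumes `expireAt` is in milliseconds since the Unix epoch (the sample value has 13 digits).

```python
import json
import time
from dataclasses import dataclass, field
from urllib.parse import quote, urlencode

class ConsentDisabled(Exception):
    """The enterprise admin has not consented to sharing SSO tokens (403)."""

@dataclass(frozen=True)
class SsoToken:
    email: str
    provider: str
    expire_at_ms: int
    access_token: str = field(repr=False)  # keep the token out of logs and tracebacks

def build_url(host, user_id, email):
    # Percent-encode both values so "+" or "&" in an address cannot alter the query.
    return (f"https://{host}/api/public/users/{quote(user_id, safe='')}"
            f"/ssotoken?{urlencode({'email': email})}")

def parse_sso_response(body, requested_email, now_ms=None, min_ttl_ms=60_000):
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    doc = json.loads(body)
    for err in doc.get("errors", []):
        if err.get("code") == 403:
            raise ConsentDisabled(err.get("msg", "consent not provided"))
        raise RuntimeError(f"SSO token API error: {err.get('code')}")
    tok = SsoToken(doc["emailId"], doc["SSOProvider"], int(doc["expireAt"]), doc["accessToken"])
    if tok.email.lower() != requested_email.lower():
        raise ValueError("token was issued for a different user than requested")
    # Assumption: expireAt is milliseconds since the Unix epoch.
    if tok.expire_at_ms - now_ms < min_ttl_ms:
        raise ValueError("token is expired or about to expire; request a fresh one")
    return tok

# Constructed sample bodies modelled on the two responses shown above.
OK_BODY = ('{"emailId": "user@example.com", "accessToken": "constructed-token-value",'
           ' "SSOProvider": "AzureAD", "expireAt": 1602221900272}')
DENIED_BODY = '{"errors": [{"msg": "Disabled by Admin", "code": 403}]}'

if __name__ == "__main__":
    print(build_url("kora.kore.ai", "u-1234", "user+test@example.com"))
    print(parse_sso_response(OK_BODY, "user@example.com", now_ms=1602221000000))
```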