Authentication

3 endpoints in this group. All paths are prefixed with /api/v1.

Endpoints in this group#

• GET /api/v1/auth/config — Get Auth Config
• GET /api/v1/auth/me — Get Me
• POST /api/v1/auth/token — Proxy Token

GET /api/v1/auth/config — Get Auth Config {#get-api-v1-auth-config}#

Public endpoint — returns OIDC configuration for the portal login flow.

Responses:

• 200 — Successful Response. Returns: AuthConfigResponse — {issuer, client_id, scopes, logout_url}

GET /api/v1/auth/me — Get Me {#get-api-v1-auth-me}#

Return the current user's profile with merged local roles + identity.

Identity (email, display name, tenant/partner names) is sourced from the synced User row so it stays consistent across token refreshes — JWT claims for name/email aren't always present.

Parameters:

• authorization (header, string, optional)

Responses:

• 200 — Successful Response. Returns: MeResponse — {user_id, tenant_id, partner_id, email + 5 more}
• 422 — Validation Error. Returns: HTTPValidationError — {detail}

POST /api/v1/auth/token — Proxy Token {#post-api-v1-auth-token}#

Proxy token exchange to ScaiKey — avoids CORS issues from browser.

Body: TokenRequest — {grant_type, code, redirect_uri, code_verifier + 1 more}

Responses:

• 200 — Successful Response. Returns: object
• 422 — Validation Error. Returns: HTTPValidationError — {detail}