{"info":{"_postman_id":"19527b07-841b-4ece-a971-061417fbaa77","name":"Generic Token Exchange - External","description":"<html><head></head><body><h4 id=\"overview\">Overview</h4>\n<p>This service is used for exchanging a third party JWT for a Cortex JWT.</p>\n<p>The third party JWT is validated using either:</p>\n<ul>\n<li><p>Shared secret</p>\n</li>\n<li><p>Public key</p>\n</li>\n<li><p>JWKS URL</p>\n</li>\n</ul>\n<h4 id=\"environments\">Environments</h4>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><strong>Environment</strong></th>\n<th><strong>Base URL</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Stage</td>\n<td><a href=\"https://feeds.incrowdsports.com/provider/token-exchange-stage/\">https://feeds.incrowdsports.com/provider/token-exchange-stage/</a></td>\n</tr>\n<tr>\n<td>Production</td>\n<td><a href=\"https://feeds.incrowdsports.com/provider/token-exchange/\">https://feeds.incrowdsports.com/provider/token-exchange/</a></td>\n</tr>\n</tbody>\n</table>\n</div><h4 id=\"configuration\">Configuration</h4>\n<p>In order to setup the service configuration for a new SSO provider, we will need the <b>following information</b> and an <b>example JWT</b> if possible:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th><strong>Field Name</strong></th>\n<th><strong>Description</strong></th>\n<th><strong>Example</strong></th>\n<th><strong>Notes</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>provider</code></td>\n<td>Name of the SSO provider</td>\n<td><code>OKTA</code></td>\n<td></td>\n</tr>\n<tr>\n<td><code>uniqueIDField</code></td>\n<td>SSO user ID field claim</td>\n<td><code>sub</code></td>\n<td></td>\n</tr>\n<tr>\n<td><code>emailField</code></td>\n<td>Email field claim</td>\n<td><code>email</code></td>\n<td></td>\n</tr>\n<tr>\n<td><code>firstNameField</code></td>\n<td>First name field claim</td>\n<td><code>given_name</code></td>\n<td></td>\n</tr>\n<tr>\n<td><code>lastNameField</code></td>\n<td>Last name field claim</td>\n<td><code>family_name</code></td>\n<td></td>\n</tr>\n<tr>\n<td><code>jwksURL</code></td>\n<td>JWKS URL - to fetch the public key for JWT signature verification</td>\n<td><code>https://sso.example.com/.well-known/openid-configuration/jwks</code></td>\n<td>Supported by most OpenID Connect compliant SSO providers</td>\n</tr>\n<tr>\n<td><code>secret</code></td>\n<td>Shared secret or public key - used to verify JWT signature</td>\n<td><code>supersecretkey</code></td>\n<td>Only required if no JWKS URL exists</td>\n</tr>\n<tr>\n<td><code>emailVerified</code></td>\n<td>Does the SSO provider perform email verification?</td>\n<td><code>true</code></td>\n<td></td>\n</tr>\n<tr>\n<td><code>userInfo.url</code></td>\n<td>userinfo endpoint used to fetch first name and last name</td>\n<td><code>https://sso.example.com/oauth/userinfo</code></td>\n<td>This is <strong>optional</strong> and only required if first name and last name is not avaialble as claims in the JWT</td>\n</tr>\n</tbody>\n</table>\n</div></body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"2957316","collectionId":"19527b07-841b-4ece-a971-061417fbaa77","publishedId":"2s93CLsYsi","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"publishDate":"2023-02-22T09:36:43.000Z"},"item":[{"name":"Exchange Token","id":"10994b1d-f34b-43d6-bbbb-24507d785a44","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"urlencoded","urlencoded":[{"key":"token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJGb3JlbmFtZSI6Ik1hdHRoZXciLCJTdXJuYW1lIjoiQXJub2xkIiwiRW1haWwiOiJtYXR0LmFybm9sZEBpbmNyb3dkc3BvcnRzLmNvbSIsImZhbklEIjoxMTQ0MzcsInRpY2tldEZhbklEIjoiMzAxMzIyMzkiLCJjb250YWN0X251bWJlciI6IjA3Nzg5MjYwMTE1IiwiZG9iIjoiMTk4Mi0wNy0xNCIsImVtYWlsX2RjZmMiOjAsInBob25lX2RjZmMiOjAsInBvc3RfZGNmYyI6MCwiZW1haWxfcGFydG5lcnMiOjAsInN1YiI6MTE0NDM3LCJpc3MiOiJodHRwOi8vd3d3LmRjZmMuY28udWsvY3VzdG9tZXIvbG9naW4iLCJpYXQiOjE2Mjg3NTY2NTcsImV4cCI6MTYyODc3NDY1NywibmJmIjoxNjI4NzU2MzU3LCJqdGkiOiJ6bDFJQjZtdVZSbVdVR0R4In0.9HITf3jDqel_JT7rtCRZm2ZmlOnH1veCogVPIFGgct0","description":"<p>The Third Party Token</p>\n","type":"text"},{"key":"clientId","value":"{{clientId}}","description":"<p>The client ID</p>\n","type":"text"},{"key":"deviceId","value":"71125e92-de9d-4df6-bc1b-95e1c8b6c1a4","description":"<p>The device ID making the request</p>\n","type":"text"},{"key":"registerSource","value":"","description":"<p>The source of the registration, e.g. club-app or fantasy-web [optional]</p>\n","type":"text"},{"key":"registerType","value":"","description":"<p>The type of registration e.g. sign-up or polls [optional]</p>\n","type":"text"},{"key":"registerPlatform","value":"","description":"<p>The platform the Fan is registering on, e.g. android, ios or web [optional]</p>\n","type":"text"},{"key":"provider","value":"STANDARD","type":"text","uuid":"62fd4809-1d03-42e5-8cda-990094bbc6b1"}]},"url":"{{baseUrl}}/v1/token","description":"<p>Exchange a JWT token from a third party for Cortex access and refresh tokens.</p>\n","urlObject":{"path":["v1","token"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"032bfde0-cecb-49eb-8468-f6ff4c16cfb1","name":"Exchange Token - Success","originalRequest":{"method":"POST","header":[],"body":{"mode":"urlencoded","urlencoded":[{"key":"token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJGb3JlbmFtZSI6Ik1hdHRoZXciLCJTdXJuYW1lIjoiQXJub2xkIiwiRW1haWwiOiJtYXR0LmFybm9sZEBpbmNyb3dkc3BvcnRzLmNvbSIsImZhbklEIjoxMTQ0MzcsInRpY2tldEZhbklEIjoiMzAxMzIyMzkiLCJjb250YWN0X251bWJlciI6IjA3Nzg5MjYwMTE1IiwiZG9iIjoiMTk4Mi0wNy0xNCIsImVtYWlsX2RjZmMiOjAsInBob25lX2RjZmMiOjAsInBvc3RfZGNmYyI6MCwiZW1haWxfcGFydG5lcnMiOjAsInN1YiI6MTE0NDM3LCJpc3MiOiJodHRwOi8vd3d3LmRjZmMuY28udWsvY3VzdG9tZXIvbG9naW4iLCJpYXQiOjE2Mjg3NTY2NTcsImV4cCI6MTYyODc3NDY1NywibmJmIjoxNjI4NzU2MzU3LCJqdGkiOiJ6bDFJQjZtdVZSbVdVR0R4In0.9HITf3jDqel_JT7rtCRZm2ZmlOnH1veCogVPIFGgct0","type":"text"},{"key":"deviceId","value":"91c63403-4a47-4c23-8805-845b652a8e69","type":"text"},{"key":"clientId","value":"INCROWD","type":"text"},{"key":"provider","value":"STANDARD","type":"text","uuid":"fde6fcb9-1b12-4652-82ba-8a48a6054078"}]},"url":"{{baseUrl}}/v1/token"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Server","value":"nginx/1.19.1"},{"key":"Date","value":"Thu, 12 Aug 2021 08:54:23 GMT"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Vary","value":"Origin"},{"key":"Content-Encoding","value":"gzip"},{"key":"X-Cache","value":"Miss from cloudfront"},{"key":"Via","value":"1.1 1f0b2edf1d5c127c320be20441fdb063.cloudfront.net (CloudFront)"},{"key":"X-Amz-Cf-Pop","value":"LHR62-C4"},{"key":"X-Amz-Cf-Id","value":"27sB7h-g2ukx5cFjxTFgwjw7yvhp_lONhcy9uIV66gB4SUaeCR5QwA=="}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"success\",\n    \"data\": {\n        \"access_token\": \"eyJhbGciOiJSUzI1NiIsImtpZCI6InpLSmRVbzd5UkR0M1A3YWYxNEZNSjd1bmxpdkdab1NpIiwidHlwIjoiSldUIn0.eyJzdWIiOjE5NDM2NiwiY2xpZW50X2lkIjoiREVSQlkiLCJmaXJzdF9uYW1lIjoiTWF0dGhldyIsImxhc3RfbmFtZSI6IkFybm9sZCIsImVtYWlsIjoibWF0dC5hcm5vbGRAaW5jcm93ZHNwb3J0cy5jb20iLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhvcml0aWVzIjpbIlJPTEVfVVNFUl8qIiwiUk9MRV9WRVJJRklFRF8qIiwiUk9MRV9QUk9GSUxFQ09NUExFVEVfKiIsIlJPTEVfUFJFRkVSRU5DRVNDT01QTEVURV8qIiwiUk9MRV9NQVJLRVRJTkdQUkVGRVJFTkNFU0NPTVBMRVRFXyoiLCJST0xFX1NVR0FSQURNSU5fUkZMIiwiUk9MRV9QT0xMQURNSU5fUkZMIiwiUk9MRV9QT0xMQURNSU5fKiIsIlJPTEVfU1VHQVJBRE1JTl8qIiwiUk9MRV9PVkVSMThfKiIsIlJPTEVfU1RSRUFNQURNSU5fKiIsIlJPTEVfQ0FTVEFETUlOXyoiLCJST0xFX1RJQ0tFVEFETUlOXyoiLCJST0xFX1BST0ZJTEVBRE1JTl8qIiwiUk9MRV9QUkVESUNUT1JBRE1JTl8qIiwiUk9MRV9DTVNBRE1JTl8qIiwiUk9MRV9EQVNIQk9BUkRfUkZMX1VTRVIiLCJST0xFX1BPTExBRE1JTl9QUkwiLCJST0xFX0NBU1RBRE1JTl9JTkNST1dEIl0sImV4cCI6MTYyODg0NDg2MywianRpIjoiYjE2M2E2NzYtZDUwOS00NzY2LWE5MTctMDg2ZGVmYWM2MjVjIiwiaXNzIjoiSW5Dcm93ZCJ9.gno38fozUCDHyw8ri8EkeazH4W5oH1tZiAehS9i34syY9HobSPw1nce1P5LOcv73QFEHrJR-1kQeAObaKW9MDDMLJCAgVk0p7ERLZ-PUw5qo6im1OBKPN8hJOPrQDt8-8lqUc7itD-t_vBqecOxREHjiUj0h7D2aJQm_wIKpkyQDknALdXKIhvvftZtaejJkyz9Xyoonearr-8C1xsSlWhsIWWnDnS7xhTS-nJcBOLaOE7TW3m9HBjiEb1ZHONtj_hHNy22Rr0m8nie4UwodJhTTJYxVtQ5LAKmnzva35G4q4D3Cy9c0lEpy7hPT7xu9m0kQhzkGZRhEhLZpGmRAyQ\",\n        \"token_type\": \"bearer\",\n        \"refresh_token\": \"eyJhbGciOiJSUzI1NiIsImtpZCI6InpLSmRVbzd5UkR0M1A3YWYxNEZNSjd1bmxpdkdab1NpIiwidHlwIjoiSldUIn0.eyJzdWIiOjE5NDM2NiwiY2xpZW50X2lkIjoiREVSQlkiLCJmaXJzdF9uYW1lIjoiTWF0dGhldyIsImxhc3RfbmFtZSI6IkFybm9sZCIsImVtYWlsIjoibWF0dC5hcm5vbGRAaW5jcm93ZHNwb3J0cy5jb20iLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhvcml0aWVzIjpbIlJPTEVfVVNFUl8qIiwiUk9MRV9WRVJJRklFRF8qIiwiUk9MRV9QUk9GSUxFQ09NUExFVEVfKiIsIlJPTEVfUFJFRkVSRU5DRVNDT01QTEVURV8qIiwiUk9MRV9NQVJLRVRJTkdQUkVGRVJFTkNFU0NPTVBMRVRFXyoiLCJST0xFX1NVR0FSQURNSU5fUkZMIiwiUk9MRV9QT0xMQURNSU5fUkZMIiwiUk9MRV9QT0xMQURNSU5fKiIsIlJPTEVfU1VHQVJBRE1JTl8qIiwiUk9MRV9PVkVSMThfKiIsIlJPTEVfU1RSRUFNQURNSU5fKiIsIlJPTEVfQ0FTVEFETUlOXyoiLCJST0xFX1RJQ0tFVEFETUlOXyoiLCJST0xFX1BST0ZJTEVBRE1JTl8qIiwiUk9MRV9QUkVESUNUT1JBRE1JTl8qIiwiUk9MRV9DTVNBRE1JTl8qIiwiUk9MRV9EQVNIQk9BUkRfUkZMX1VTRVIiLCJST0xFX1BPTExBRE1JTl9QUkwiLCJST0xFX0NBU1RBRE1JTl9JTkNST1dEIl0sImF0aSI6ImIxNjNhNjc2LWQ1MDktNDc2Ni1hOTE3LTA4NmRlZmFjNjI1YyIsImV4cCI6MTY0NDUzODQ2MywianRpIjoiMWVjM2VkNDktMmMxNy00MDQyLWI4MmEtZWY0ZjRiZDY5OTRmIiwiaXNzIjoiSW5Dcm93ZCJ9.klqdSrMv16p-maL4s7k1rX_F3C39WVq9LTyG2wDDkTgk0puJVni33IKoroMHqLVU2Dj8dVkKvwqSmZ3pBtew_-ExXI2aC6WXrHmNWnQQ-_DGRXLuzJsDKVPB1Kv6qc8ZHs4jnRyzcsJFXXxN_DtDwHAIugXOjdasebfwZkLTc5sk3P7FXrDMrUTjm6odhWCyMGplXM5FoH6H1BuXom87ztjxqy_OTB0H9VYZH6J-07yvDsN6-Hy58aMI_VOEBIJhXPbak_NEpcTKnIjpKAW2H9qbziInRFoX582kQhYLsScNuSsaL0T1KQShxXxjTkMp8rZP70Npipy7XS8waLw6Qw\",\n        \"expires_in\": 86399,\n        \"scope\": \"openid profile\",\n        \"jti\": \"b163a676-d509-4766-a917-086defac625c\"\n    },\n    \"metadata\": {\n        \"createdAt\": \"2021-08-12T08:54:23.414Z\"\n    }\n}"},{"id":"6127f93a-3601-4269-b492-603774ecd5c0","name":"Exchange Token - Malformed token","originalRequest":{"method":"POST","header":[],"body":{"mode":"urlencoded","urlencoded":[{"key":"token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.","type":"text"},{"key":"deviceId","value":"f96a6665-a468-45af-8d9e-da390284ab3b","type":"text"},{"key":"clientId","value":"INCROWD","type":"text"},{"key":"provider","value":"STANDARD","type":"text","uuid":"a367f715-453f-4cb9-97a3-7d9322e25bcb"}]},"url":"{{baseUrl}}/v1/token"},"status":"Unauthorized","code":401,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Content-Length","value":"184"},{"key":"Connection","value":"keep-alive"},{"key":"Server","value":"nginx/1.19.1"},{"key":"Date","value":"Thu, 12 Aug 2021 08:56:07 GMT"},{"key":"Vary","value":"Origin"},{"key":"X-Cache","value":"Error from cloudfront"},{"key":"Via","value":"1.1 1f0b2edf1d5c127c320be20441fdb063.cloudfront.net (CloudFront)"},{"key":"X-Amz-Cf-Pop","value":"LHR62-C4"},{"key":"X-Amz-Cf-Id","value":"lbxIPh-jX-UB-NkThEu_YjBInTunnGGvvfq-j19KvF89V8gd2121WA=="}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"fail\",\n    \"error\": {\n        \"code\": \"error_token\",\n        \"domain\": \"generic-token-exchange\"\n    },\n    \"message\": \"Unable to decode authorization token\",\n    \"metadata\": {\n        \"createdAt\": \"2021-08-12T08:56:07.520Z\"\n    }\n}"}],"_postman_id":"10994b1d-f34b-43d6-bbbb-24507d785a44"}]}