Submit a subject token and receive a Trovi authentication token
Users must obtain an authentication token from one of the supported Trovi identity providers, and then submit that subject token to the TokenGrant endpoint in order to obtain a Trovi token. All Trovi tokens adhere to the following properties:
Expire 5 minutes after they are issued
Are in the JWT format (JWS string)
Token requests adhere to the following properties:
The only supported grant type is "token_exchange"
Subject tokens must be in the JWT format (JWS string)
The following scopes are available for all Trovi tokens. Currently, any requested scopes will be granted to any user. This is subject to change.
artifacts:read
- Read all artifacts which are accessible to the user
artifacts:write
- Edit all artifacts for which the user is an owner or author, and create new artifacts
artifacts:write_metrics
- Update artifact access metrics
Exchange subject tokens from a federated identity provider for a Trovi authentication token
Currently, the only federated identity provider supported is Chameleon Keycloak. To have your application added to the list of approved identity providers, please fill out the Google Form attached to this page.
Supported identity providers must speak OpenID Connect.
Once a Trovi Token is exchanged, it is used to authenticate to any Trovi endpoint by attaching it to the URL via the access_token
parameter.