Skip to main content

OidcCallbackResponse

Response from OIDC callback (successful authentication)

This mirrors the standard LoginResponse format for consistency.

accessTokenstringrequired

JWT access token

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ
expiresIninteger<int64>required

Token expiry in seconds

Possible values: >= 0

Example: 86400
newAccountbooleanrequired

Whether this is a newly created account

Example: false
providerstringrequired

OIDC provider used for authentication

Example: authentik
tokenTypestringrequired

Token type (always "Bearer")

Example: Bearer
user objectrequired

User information in login response

emailstringrequired

Email address

Example: admin@example.com
emailVerifiedbooleanrequired

Whether email has been verified

Example: true
idstring<uuid>required

User unique identifier

Example: 550e8400-e29b-41d4-a716-446655440000
permissionsstring[]required

Custom permissions granted to the user (in addition to role permissions)

Example: ["libraries:write","series:delete"]
rolestringrequired

User role (reader, maintainer, admin)

Example: admin
usernamestringrequired

Username

Example: admin
OidcCallbackResponse
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ",
  "expiresIn": 86400,
  "newAccount": false,
  "provider": "authentik",
  "tokenType": "Bearer",
  "user": {
    "email": "admin@example.com",
    "emailVerified": true,
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "permissions": [
      "libraries:write",
      "series:delete"
    ],
    "role": "admin",
    "username": "admin"
  }
}