# Authentication

## auth_internal_docs_only_token_claims_retrieve

 - [GET /auth/internal/docs-only/token-claims/](https://docs.adm.wearetransformers.nl/apis/schema/authentication/auth_internal_docs_only_token_claims_retrieve.md): Schema for the custom JWT claims included in access tokens. Docs-only endpoint; not used by the application at runtime.

## auth_login_create

 - [POST /auth/login/](https://docs.adm.wearetransformers.nl/apis/schema/authentication/auth_login_create.md): Takes a set of user credentials and returns an access and refresh JSON web
token pair to prove the authentication of those credentials.

## auth_logout_create

 - [POST /auth/logout/](https://docs.adm.wearetransformers.nl/apis/schema/authentication/auth_logout_create.md)

## Exchange OIDC LoginGrant code for JWTs

 - [POST /auth/oidc/exchange](https://docs.adm.wearetransformers.nl/apis/schema/authentication/oidc_exchange.md): Exchanges a one-time LoginGrant code produced by the SPA OIDC callback for a pair of JWT access/refresh tokens and the current user payload. The code is single-use and expires after a short time window.

## auth_refresh_create

 - [POST /auth/refresh/](https://docs.adm.wearetransformers.nl/apis/schema/authentication/auth_refresh_create.md): Takes a refresh type JSON web token and returns an access type JSON web
token if the refresh token is valid.