Issue an RS256 JWT (service-to-service or partner M2M)

POST

/auth/token

AWS_IAM-protected. Dispatches on the body: omit grant_type for a service-to-service JWT (aud=pouch-services, 15-min TTL); set grant_type=client_credentials with client_id/client_secret for a partner M2M JWT (aud=partners-api, 60-min TTL). Accepts either application/json or application/x-www-form-urlencoded request bodies — RFC 6749 §2.3.1 specifies form-encoded for the client_credentials grant, and bff-partners uses that content type when proxying partner requests.

Authorizations

• awsSigv4

Request Body

object

grant_type

OAuth 2.0 grant type. Omit for the legacy service-to-service flow.

string

Allowed values: client_credentials

client_id

WorkOS Connect M2M Application client id (required when grant_type=client_credentials).

string

client_secret

WorkOS Connect M2M Application client secret (required when grant_type=client_credentials).

string

object

grant_type

OAuth 2.0 grant type. Omit for the legacy service-to-service flow.

string

Allowed values: client_credentials

client_id

WorkOS Connect M2M Application client id (required when grant_type=client_credentials).

string

client_secret

WorkOS Connect M2M Application client secret (required when grant_type=client_credentials).

string

Responses

200

RS256 JWT response (service-token or partner M2M, depending on the request body).

object

access_token

required

Short-lived RS256 JWT for service-to-service calls

string

token_type

required

string

expires_in

required

Token lifetime in seconds

number

400

BAD_REQUEST

object

type

required

string format: uri

title

required

string

status

required

integer

detail

string

instance

string

karmoCode

required

Karmo 8-digit error code.

string

/^[0-9]{8}$/

karmoMeta

Domain-level metadata emitted by the service.

object

key

additional properties

any

karmoErrors

Array<object>

object

detail

required

Human-readable detail for the specific field error.

string

pointer

required

JSON pointer to the offending value.

string

/email

401

UNAUTHORIZED

object

type

required

string format: uri

title

required

string

status

required

integer

detail

string

instance

string

karmoCode

required

Karmo 8-digit error code.

string

/^[0-9]{8}$/

karmoMeta

Domain-level metadata emitted by the service.

object

key

additional properties

any

karmoErrors

Array<object>

object

detail

required

Human-readable detail for the specific field error.

string

pointer

required

JSON pointer to the offending value.

string

/email

403

FORBIDDEN

object

type

required

string format: uri

title

required

string

status

required

integer

detail

string

instance

string

karmoCode

required

Karmo 8-digit error code.

string

/^[0-9]{8}$/

karmoMeta

Domain-level metadata emitted by the service.

object

key

additional properties

any

karmoErrors

Array<object>

object

detail

required

Human-readable detail for the specific field error.

string

pointer

required

JSON pointer to the offending value.

string

/email

404

NOT_FOUND

object

type

required

string format: uri

title

required

string

status

required

integer

detail

string

instance

string

karmoCode

required

Karmo 8-digit error code.

string

/^[0-9]{8}$/

karmoMeta

Domain-level metadata emitted by the service.

object

key

additional properties

any

karmoErrors

Array<object>

object

detail

required

Human-readable detail for the specific field error.

string

pointer

required

JSON pointer to the offending value.

string

/email

409

CONFLICT

object

type

required

string format: uri

title

required

string

status

required

integer

detail

string

instance

string

karmoCode

required

Karmo 8-digit error code.

string

/^[0-9]{8}$/

karmoMeta

Domain-level metadata emitted by the service.

object

key

additional properties

any

karmoErrors

Array<object>

object

detail

required

Human-readable detail for the specific field error.

string

pointer

required

JSON pointer to the offending value.

string

/email

422

UNPROCESSABLE_ENTITY

object

type

required

string format: uri

title

required

string

status

required

integer

detail

string

instance

string

karmoCode

required

Karmo 8-digit error code.

string

/^[0-9]{8}$/

karmoMeta

Domain-level metadata emitted by the service.

object

key

additional properties

any

karmoErrors

Array<object>

object

detail

required

Human-readable detail for the specific field error.

string

pointer

required

JSON pointer to the offending value.

string

/email

500

INTERNAL_SERVER_ERROR

object

type

required

string format: uri

title

required

string

status

required

integer

detail

string

instance

string

karmoCode

required

Karmo 8-digit error code.

string

/^[0-9]{8}$/

karmoMeta

Domain-level metadata emitted by the service.

object

key

additional properties

any

karmoErrors

Array<object>

object

detail

required

Human-readable detail for the specific field error.

string

pointer

required

JSON pointer to the offending value.

string

/email