Call PlainID Auth endpoint to exchange the token:

  1. Request Example:
curl --location --request POST 'https://auth.{{REGION}}.plainid.io/auth/realms/{{PLAINID_TENANT_NAME}}/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=plainid' \
--data-urlencode 'subject_token={{ID_TOKEN_FROM_THE_IDP_AUTH_REQUEST}}' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:jwt' \
--data-urlencode 'subject_issuer=tenant_idp'

Please Note:

  • Replace {{REGION}} with your PlainID Tenant region (e.g. us1, eu1, ca1, etc.)
  • Replace {{PLAINID_TENANT_NAME}} with your PlainID Tenant name
  • client_id value is a constant, and should be set to plainid
  • subject_issuer value is a constant, and should be set to tenant_idp
  1. Response example:
{
"access_token": "ey…",
"expires_in": 900,
"refresh_expires_in": 1800,
"refresh_token": "ey…",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "9c2fd2fa-d209-4f0e-a161-fae27261fdae",
"scope": "profile email"
}


Servers

United States

  https://auth.us1.plainid.io 

Europe

  https://auth.eu1.plainid.io 

Canada

  https://auth.ca1.plainid.io 

Local PAA

  https://auth.plainid.local