# Identity

## ExchangeToken

`client.Identity.ExchangeToken(ctx, body) (*IdentityExchangeTokenResponse, error)`

**post** `/gitpod.v1.IdentityService/ExchangeToken`

Exchanges an exchange token for a new access token.

Use this method to:

- Convert exchange tokens to access tokens
- Obtain new access credentials
- Complete token exchange flows

### Examples

- Exchange token:

  Trades an exchange token for an access token.

  ```yaml
  exchangeToken: "exchange-token-value"
  ```

### Parameters

- `body IdentityExchangeTokenParams`

  - `ExchangeToken param.Field[string]`

    exchange_token is the token to exchange

### Returns

- `type IdentityExchangeTokenResponse struct{…}`

  - `AccessToken string`

    access_token is the new access token

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/gitpod-io/gitpod-sdk-go"
  "github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
  client := gitpod.NewClient(
    option.WithBearerToken("My Bearer Token"),
  )
  response, err := client.Identity.ExchangeToken(context.TODO(), gitpod.IdentityExchangeTokenParams{
    ExchangeToken: gitpod.F("exchange-token-value"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", response.AccessToken)
}
```

#### Response

```json
{
  "accessToken": "accessToken"
}
```

## GetAuthenticatedIdentity

`client.Identity.GetAuthenticatedIdentity(ctx, body) (*IdentityGetAuthenticatedIdentityResponse, error)`

**post** `/gitpod.v1.IdentityService/GetAuthenticatedIdentity`

Retrieves information about the currently authenticated identity.

Use this method to:

- Get current user information
- Check authentication status
- Retrieve organization context
- Validate authentication principal

### Examples

- Get current identity:

  Retrieves details about the authenticated user.

  ```yaml
  {}
  ```

### Parameters

- `body IdentityGetAuthenticatedIdentityParams`

  - `Empty param.Field[bool]`

### Returns

- `type IdentityGetAuthenticatedIdentityResponse struct{…}`

  - `OrganizationID string`

  - `OrganizationTier string`

  - `Subject Subject`

    subject is the identity of the current user

    - `ID string`

      id is the UUID of the subject

    - `Principal Principal`

      Principal is the principal of the subject

      - `const PrincipalUnspecified Principal = "PRINCIPAL_UNSPECIFIED"`

      - `const PrincipalAccount Principal = "PRINCIPAL_ACCOUNT"`

      - `const PrincipalUser Principal = "PRINCIPAL_USER"`

      - `const PrincipalRunner Principal = "PRINCIPAL_RUNNER"`

      - `const PrincipalEnvironment Principal = "PRINCIPAL_ENVIRONMENT"`

      - `const PrincipalServiceAccount Principal = "PRINCIPAL_SERVICE_ACCOUNT"`

      - `const PrincipalRunnerManager Principal = "PRINCIPAL_RUNNER_MANAGER"`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/gitpod-io/gitpod-sdk-go"
  "github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
  client := gitpod.NewClient(
    option.WithBearerToken("My Bearer Token"),
  )
  response, err := client.Identity.GetAuthenticatedIdentity(context.TODO(), gitpod.IdentityGetAuthenticatedIdentityParams{

  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", response.OrganizationID)
}
```

#### Response

```json
{
  "organizationId": "organizationId",
  "organizationTier": "organizationTier",
  "subject": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "principal": "PRINCIPAL_UNSPECIFIED"
  }
}
```

## GetIDToken

`client.Identity.GetIDToken(ctx, body) (*IdentityGetIDTokenResponse, error)`

**post** `/gitpod.v1.IdentityService/GetIDToken`

Gets an ID token for authenticating with other services.

Use this method to:

- Obtain authentication tokens for service-to-service calls
- Access protected resources
- Generate scoped access tokens

### Examples

- Get token for single service:

  Retrieves a token for authenticating with one service.

  ```yaml
  audience:
    - "https://api.gitpod.io"
  ```

- Get token for multiple services:

  Retrieves a token valid for multiple services.

  ```yaml
  audience:
    - "https://api.gitpod.io"
    - "https://ws.gitpod.io"
  ```

### Parameters

- `body IdentityGetIDTokenParams`

  - `Audience param.Field[[]string]`

  - `Version param.Field[IDTokenVersion]`

    version is the version of the ID token.

### Returns

- `type IdentityGetIDTokenResponse struct{…}`

  - `Token string`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/gitpod-io/gitpod-sdk-go"
  "github.com/gitpod-io/gitpod-sdk-go/option"
)

func main() {
  client := gitpod.NewClient(
    option.WithBearerToken("My Bearer Token"),
  )
  response, err := client.Identity.GetIDToken(context.TODO(), gitpod.IdentityGetIDTokenParams{
    Audience: gitpod.F([]string{"https://api.gitpod.io", "https://ws.gitpod.io"}),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", response.Token)
}
```

#### Response

```json
{
  "token": "token"
}
```

## Domain Types

### ID Token Version

- `type IDTokenVersion string`

  - `const IDTokenVersionUnspecified IDTokenVersion = "ID_TOKEN_VERSION_UNSPECIFIED"`

  - `const IDTokenVersionV1 IDTokenVersion = "ID_TOKEN_VERSION_V1"`

  - `const IDTokenVersionV2 IDTokenVersion = "ID_TOKEN_VERSION_V2"`