# Identity

## ExchangeToken

`identity.exchange_token(IdentityExchangeTokenParams**kwargs)  -> IdentityExchangeTokenResponse`

**post** `/gitpod.v1.IdentityService/ExchangeToken`

Exchanges an exchange token for a new access token.

Use this method to:

- Convert exchange tokens to access tokens
- Obtain new access credentials
- Complete token exchange flows

### Examples

- Exchange token:

  Trades an exchange token for an access token.

  ```yaml
  exchangeToken: "exchange-token-value"
  ```

### Parameters

- `exchange_token: Optional[str]`

  exchange_token is the token to exchange

### Returns

- `class IdentityExchangeTokenResponse: …`

  - `access_token: Optional[str]`

    access_token is the new access token

### Example

```python
import os
from gitpod import Gitpod

client = Gitpod(
    bearer_token=os.environ.get("GITPOD_API_KEY"),  # This is the default and can be omitted
)
response = client.identity.exchange_token(
    exchange_token="exchange-token-value",
)
print(response.access_token)
```

#### Response

```json
{
  "accessToken": "accessToken"
}
```

## GetAuthenticatedIdentity

`identity.get_authenticated_identity(IdentityGetAuthenticatedIdentityParams**kwargs)  -> IdentityGetAuthenticatedIdentityResponse`

**post** `/gitpod.v1.IdentityService/GetAuthenticatedIdentity`

Retrieves information about the currently authenticated identity.

Use this method to:

- Get current user information
- Check authentication status
- Retrieve organization context
- Validate authentication principal

### Examples

- Get current identity:

  Retrieves details about the authenticated user.

  ```yaml
  {}
  ```

### Parameters

- `empty: Optional[bool]`

### Returns

- `class IdentityGetAuthenticatedIdentityResponse: …`

  - `organization_id: Optional[str]`

  - `organization_tier: Optional[str]`

  - `subject: Optional[Subject]`

    subject is the identity of the current user

    - `id: Optional[str]`

      id is the UUID of the subject

    - `principal: Optional[Principal]`

      Principal is the principal of the subject

      - `"PRINCIPAL_UNSPECIFIED"`

      - `"PRINCIPAL_ACCOUNT"`

      - `"PRINCIPAL_USER"`

      - `"PRINCIPAL_RUNNER"`

      - `"PRINCIPAL_ENVIRONMENT"`

      - `"PRINCIPAL_SERVICE_ACCOUNT"`

      - `"PRINCIPAL_RUNNER_MANAGER"`

### Example

```python
import os
from gitpod import Gitpod

client = Gitpod(
    bearer_token=os.environ.get("GITPOD_API_KEY"),  # This is the default and can be omitted
)
response = client.identity.get_authenticated_identity()
print(response.organization_id)
```

#### Response

```json
{
  "organizationId": "organizationId",
  "organizationTier": "organizationTier",
  "subject": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "principal": "PRINCIPAL_UNSPECIFIED"
  }
}
```

## GetIDToken

`identity.get_id_token(IdentityGetIDTokenParams**kwargs)  -> IdentityGetIDTokenResponse`

**post** `/gitpod.v1.IdentityService/GetIDToken`

Gets an ID token for authenticating with other services.

Use this method to:

- Obtain authentication tokens for service-to-service calls
- Access protected resources
- Generate scoped access tokens

### Examples

- Get token for single service:

  Retrieves a token for authenticating with one service.

  ```yaml
  audience:
    - "https://api.gitpod.io"
  ```

- Get token for multiple services:

  Retrieves a token valid for multiple services.

  ```yaml
  audience:
    - "https://api.gitpod.io"
    - "https://ws.gitpod.io"
  ```

### Parameters

- `audience: Optional[Sequence[str]]`

- `version: Optional[IDTokenVersion]`

  version is the version of the ID token.

  - `"ID_TOKEN_VERSION_UNSPECIFIED"`

  - `"ID_TOKEN_VERSION_V1"`

  - `"ID_TOKEN_VERSION_V2"`

### Returns

- `class IdentityGetIDTokenResponse: …`

  - `token: Optional[str]`

### Example

```python
import os
from gitpod import Gitpod

client = Gitpod(
    bearer_token=os.environ.get("GITPOD_API_KEY"),  # This is the default and can be omitted
)
response = client.identity.get_id_token(
    audience=["https://api.gitpod.io", "https://ws.gitpod.io"],
)
print(response.token)
```

#### Response

```json
{
  "token": "token"
}
```

## Domain Types

### ID Token Version

- `Literal["ID_TOKEN_VERSION_UNSPECIFIED", "ID_TOKEN_VERSION_V1", "ID_TOKEN_VERSION_V2"]`

  - `"ID_TOKEN_VERSION_UNSPECIFIED"`

  - `"ID_TOKEN_VERSION_V1"`

  - `"ID_TOKEN_VERSION_V2"`

### Identity Exchange Token Response

- `class IdentityExchangeTokenResponse: …`

  - `access_token: Optional[str]`

    access_token is the new access token

### Identity Get Authenticated Identity Response

- `class IdentityGetAuthenticatedIdentityResponse: …`

  - `organization_id: Optional[str]`

  - `organization_tier: Optional[str]`

  - `subject: Optional[Subject]`

    subject is the identity of the current user

    - `id: Optional[str]`

      id is the UUID of the subject

    - `principal: Optional[Principal]`

      Principal is the principal of the subject

      - `"PRINCIPAL_UNSPECIFIED"`

      - `"PRINCIPAL_ACCOUNT"`

      - `"PRINCIPAL_USER"`

      - `"PRINCIPAL_RUNNER"`

      - `"PRINCIPAL_ENVIRONMENT"`

      - `"PRINCIPAL_SERVICE_ACCOUNT"`

      - `"PRINCIPAL_RUNNER_MANAGER"`

### Identity Get ID Token Response

- `class IdentityGetIDTokenResponse: …`

  - `token: Optional[str]`