# Identity ## ExchangeToken **post** `/gitpod.v1.IdentityService/ExchangeToken` Exchanges an exchange token for a new access token. Use this method to: - Convert exchange tokens to access tokens - Obtain new access credentials - Complete token exchange flows ### Examples - Exchange token: Trades an exchange token for an access token. ```yaml exchangeToken: "exchange-token-value" ``` ### Body Parameters - `exchangeToken: optional string` exchange_token is the token to exchange ### Returns - `accessToken: optional string` access_token is the new access token ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.IdentityService/ExchangeToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "accessToken": "accessToken" } ``` ## GetAuthenticatedIdentity **post** `/gitpod.v1.IdentityService/GetAuthenticatedIdentity` Retrieves information about the currently authenticated identity. Use this method to: - Get current user information - Check authentication status - Retrieve organization context - Validate authentication principal ### Examples - Get current identity: Retrieves details about the authenticated user. ```yaml {} ``` ### Body Parameters - `empty: optional boolean` ### Returns - `organizationId: optional string` - `organizationTier: optional string` - `subject: optional Subject` subject is the identity of the current user - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.IdentityService/GetAuthenticatedIdentity \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "organizationId": "organizationId", "organizationTier": "organizationTier", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } ``` ## GetIDToken **post** `/gitpod.v1.IdentityService/GetIDToken` Gets an ID token for authenticating with other services. Use this method to: - Obtain authentication tokens for service-to-service calls - Access protected resources - Generate scoped access tokens ### Examples - Get token for single service: Retrieves a token for authenticating with one service. ```yaml audience: - "https://api.gitpod.io" ``` - Get token for multiple services: Retrieves a token valid for multiple services. ```yaml audience: - "https://api.gitpod.io" - "https://ws.gitpod.io" ``` ### Body Parameters - `audience: optional array of string` - `version: optional IDTokenVersion` version is the version of the ID token. - `"ID_TOKEN_VERSION_UNSPECIFIED"` - `"ID_TOKEN_VERSION_V1"` - `"ID_TOKEN_VERSION_V2"` ### Returns - `token: optional string` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.IdentityService/GetIDToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "token": "token" } ``` ## Domain Types ### ID Token Version - `IDTokenVersion = "ID_TOKEN_VERSION_UNSPECIFIED" or "ID_TOKEN_VERSION_V1" or "ID_TOKEN_VERSION_V2"` - `"ID_TOKEN_VERSION_UNSPECIFIED"` - `"ID_TOKEN_VERSION_V1"` - `"ID_TOKEN_VERSION_V2"` ### Identity Exchange Token Response - `IdentityExchangeTokenResponse object { accessToken }` - `accessToken: optional string` access_token is the new access token ### Identity Get Authenticated Identity Response - `IdentityGetAuthenticatedIdentityResponse object { organizationId, organizationTier, subject }` - `organizationId: optional string` - `organizationTier: optional string` - `subject: optional Subject` subject is the identity of the current user - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Identity Get ID Token Response - `IdentityGetIDTokenResponse object { token }` - `token: optional string`