# Identity

## ExchangeToken

`client.identity.exchangeToken(IdentityExchangeTokenParamsbody, RequestOptionsoptions?): IdentityExchangeTokenResponse`

**post** `/gitpod.v1.IdentityService/ExchangeToken`

Exchanges an exchange token for a new access token.

Use this method to:

- Convert exchange tokens to access tokens
- Obtain new access credentials
- Complete token exchange flows

### Examples

- Exchange token:

  Trades an exchange token for an access token.

  ```yaml
  exchangeToken: "exchange-token-value"
  ```

### Parameters

- `body: IdentityExchangeTokenParams`

  - `exchangeToken?: string`

    exchange_token is the token to exchange

### Returns

- `IdentityExchangeTokenResponse`

  - `accessToken?: string`

    access_token is the new access token

### Example

```typescript
import Gitpod from '@gitpod/sdk';

const client = new Gitpod({
  bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted
});

const response = await client.identity.exchangeToken({ exchangeToken: 'exchange-token-value' });

console.log(response.accessToken);
```

#### Response

```json
{
  "accessToken": "accessToken"
}
```

## GetAuthenticatedIdentity

`client.identity.getAuthenticatedIdentity(IdentityGetAuthenticatedIdentityParamsbody, RequestOptionsoptions?): IdentityGetAuthenticatedIdentityResponse`

**post** `/gitpod.v1.IdentityService/GetAuthenticatedIdentity`

Retrieves information about the currently authenticated identity.

Use this method to:

- Get current user information
- Check authentication status
- Retrieve organization context
- Validate authentication principal

### Examples

- Get current identity:

  Retrieves details about the authenticated user.

  ```yaml
  {}
  ```

### Parameters

- `body: IdentityGetAuthenticatedIdentityParams`

  - `empty?: boolean`

### Returns

- `IdentityGetAuthenticatedIdentityResponse`

  - `organizationId?: string`

  - `organizationTier?: string`

  - `subject?: Subject`

    subject is the identity of the current user

    - `id?: string`

      id is the UUID of the subject

    - `principal?: Principal`

      Principal is the principal of the subject

      - `"PRINCIPAL_UNSPECIFIED"`

      - `"PRINCIPAL_ACCOUNT"`

      - `"PRINCIPAL_USER"`

      - `"PRINCIPAL_RUNNER"`

      - `"PRINCIPAL_ENVIRONMENT"`

      - `"PRINCIPAL_SERVICE_ACCOUNT"`

      - `"PRINCIPAL_RUNNER_MANAGER"`

### Example

```typescript
import Gitpod from '@gitpod/sdk';

const client = new Gitpod({
  bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted
});

const response = await client.identity.getAuthenticatedIdentity();

console.log(response.organizationId);
```

#### Response

```json
{
  "organizationId": "organizationId",
  "organizationTier": "organizationTier",
  "subject": {
    "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "principal": "PRINCIPAL_UNSPECIFIED"
  }
}
```

## GetIDToken

`client.identity.getIDToken(IdentityGetIDTokenParamsbody, RequestOptionsoptions?): IdentityGetIDTokenResponse`

**post** `/gitpod.v1.IdentityService/GetIDToken`

Gets an ID token for authenticating with other services.

Use this method to:

- Obtain authentication tokens for service-to-service calls
- Access protected resources
- Generate scoped access tokens

### Examples

- Get token for single service:

  Retrieves a token for authenticating with one service.

  ```yaml
  audience:
    - "https://api.gitpod.io"
  ```

- Get token for multiple services:

  Retrieves a token valid for multiple services.

  ```yaml
  audience:
    - "https://api.gitpod.io"
    - "https://ws.gitpod.io"
  ```

### Parameters

- `body: IdentityGetIDTokenParams`

  - `audience?: Array<string>`

  - `version?: IDTokenVersion`

    version is the version of the ID token.

    - `"ID_TOKEN_VERSION_UNSPECIFIED"`

    - `"ID_TOKEN_VERSION_V1"`

    - `"ID_TOKEN_VERSION_V2"`

### Returns

- `IdentityGetIDTokenResponse`

  - `token?: string`

### Example

```typescript
import Gitpod from '@gitpod/sdk';

const client = new Gitpod({
  bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted
});

const response = await client.identity.getIDToken({
  audience: ['https://api.gitpod.io', 'https://ws.gitpod.io'],
});

console.log(response.token);
```

#### Response

```json
{
  "token": "token"
}
```

## Domain Types

### ID Token Version

- `IDTokenVersion = "ID_TOKEN_VERSION_UNSPECIFIED" | "ID_TOKEN_VERSION_V1" | "ID_TOKEN_VERSION_V2"`

  - `"ID_TOKEN_VERSION_UNSPECIFIED"`

  - `"ID_TOKEN_VERSION_V1"`

  - `"ID_TOKEN_VERSION_V2"`

### Identity Exchange Token Response

- `IdentityExchangeTokenResponse`

  - `accessToken?: string`

    access_token is the new access token

### Identity Get Authenticated Identity Response

- `IdentityGetAuthenticatedIdentityResponse`

  - `organizationId?: string`

  - `organizationTier?: string`

  - `subject?: Subject`

    subject is the identity of the current user

    - `id?: string`

      id is the UUID of the subject

    - `principal?: Principal`

      Principal is the principal of the subject

      - `"PRINCIPAL_UNSPECIFIED"`

      - `"PRINCIPAL_ACCOUNT"`

      - `"PRINCIPAL_USER"`

      - `"PRINCIPAL_RUNNER"`

      - `"PRINCIPAL_ENVIRONMENT"`

      - `"PRINCIPAL_SERVICE_ACCOUNT"`

      - `"PRINCIPAL_RUNNER_MANAGER"`

### Identity Get ID Token Response

- `IdentityGetIDTokenResponse`

  - `token?: string`