
Exchange Carrier OIDC Token for Hiya JWT

POST /v1/auth/token

Exchanges a carrier-issued OIDC access token for a Hiya-scoped JWT bearer token.

Overview

This endpoint implements a federated token exchange flow:

  1. The client obtains an OIDC access token from the carrier's identity provider
  2. The client presents this token to Hiya's backend
  3. Hiya validates the token (issuer, audience, signature, and claims)
  4. Upon successful validation, Hiya mints a short-lived JWT for API authorization

Token Validation

Hiya validates the following claims from the carrier OIDC token:

  • iss (issuer): Must match the configured carrier identity provider
  • aud (audience): Must include Hiya's registered client ID
  • exp (expiration): Token must not be expired
  • sub (subject): Used to identify the user account
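The checks listed above, as an added example (not Hiya's implementation). The issuer URL, client ID and key are constructed placeholders, and HS256 with a shared key stands in for the signature check; a carrier identity provider would normally sign with an asymmetric key that is verified against its published JWKS.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration; not Hiya's or any carrier's real configuration.
CARRIER_ISSUER = "https://idp.carrier.example"
HIYA_CLIENT_ID = "hiya-client-id-placeholder"
DEMO_KEY = b"constructed-demo-key"  # assumption: HS256 stand-in for JWKS-based verification

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key=DEMO_KEY, alg="HS256"):
    """Build a constructed sample token so the validator can be exercised offline."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_carrier_token(token, now=None, leeway=30):
    """Return the subject on success; raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        signature = _b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm server-side; the token header must not choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != CARRIER_ISSUER:  # exact match against configured issuer
        raise ValueError("iss mismatch")
    aud = claims.get("aud")  # aud may be a single string or an array of strings
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if HIYA_CLIENT_ID not in audiences:
        raise ValueError("aud mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        raise ValueError("expired or missing exp")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("missing sub")
    return sub
```

The signature is checked before any claim is trusted, and each failure raises a distinct error so rejected exchanges can be logged by cause.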

Response

On success, returns a Hiya JWT token with:

  • Short expiration time (configurable, typically 1 hour)
  • Scoped claims for least-privilege API access
  • Refresh token for obtaining new access tokens

Header Parameters


    x-hiya-product-version string

    Product version. The standard "major.minor.patch" format, without any leading characters, is strongly encouraged; for example, "2.1.3" or "3.0.0".

Body (required)

application/json

Responses

OK

Response Body

application/json