Render Login Page
Within your partner portal, users should click the "Viant Authentication" button to begin the authentication process. This will redirect them to Viant’s secure login page.
Steps:
- The user enters their Viant-issued username and password.
- Upon successful authentication, an authorization code is generated.
- This code is automatically sent to the CDP/Data Partner's redirect URI, i.e. <redirect_uri>?code=<authorization_code>
Endpoint
GET /v1/oauth2/login?redirect_uri=<CDP's callback uri>&client_id=<client id>
| Parameter Name | Description | Required |
|---|---|---|
| client_id | Unique identifier created by Viant for the CDP/Data partner | Yes |
| redirect_uri | The callback URI endpoint to receive the authorization code | Yes |
| state | Random string to prevent CSRF attacks | Optional |
| code_challenge | PKCE security parameter (43-128 characters) | Optional |
| code_challenge_method | Must be "plain" or "S256" if code_challenge is used | Optional |
Note: For PKCE implementation guidance, refer to AWS Cognito documentation.
Exchange Code for JWT Token
Once the user is authenticated and redirected, your app must exchange the authorization code for tokens.
Endpoint
POST /v1/oauth2/token
Headers:
Authorization: Basic {base64_encoded_client_id:client_secret}
Request Body:
This endpoint supports both JSON and form-encoded request formats:
Content-Type: application/json
Request Payload:
{
"grant_type": "authorization_code",
"code" : "eyJjdHkiOiJKV1Q...",
"redirect_uri": "CDP's callback uri"
}
Content-Type: application/x-www-form-urlencoded
Request Payload:
grant_type=authorization_code&code=eyJjdHkiOiJKV1Q...&redirect_uri=CDP's callback uri
Successful Response:
{
"access_token" : "eyJraWQiOiJLVk....",
"expires_in" : 86400,
"id_token" : "eyJraWQiOi....",
"token_type" : "Bearer"
}
| Parameter Name | Description | Required |
|---|---|---|
| client_id | Unique identifier provided by Viant | Yes |
| client_secret | Secret provided by Viant | Yes |
| code | Authorization code from login flow | Yes |
| redirect_uri | Must exactly match original redirect URI used | Yes |
| code_verifier | Required only if PKCE was used | Optional |
How it works
- After successful authentication, the user is redirected to your specified redirect_uri with an authorization code
- Your CDP application extracts the code from the URL
- Your application sends this code to this endpoint
- The endpoint validates the code and returns the necessary tokens
- Your application can then use these tokens to access protected services
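The login and code-exchange steps above, as an added Python example (not Viant's code): it generates `state` and an S256 PKCE pair, rejects a callback whose `state` does not match, and builds the token request without sending it. The host `auth.example.invalid`, the function names, and the expectation that `state` is echoed back on the callback (standard OAuth 2.0 behaviour, not shown on this page) are assumptions.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://auth.example.invalid"  # placeholder host (assumption, not from the page)

def b64url(raw):
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def pkce_challenge(verifier):
    """S256 transform: BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def start_login(client_id, redirect_uri):
    """Return the /v1/oauth2/login URL and the values to keep in the user's server-side session."""
    state = b64url(secrets.token_bytes(32))
    verifier = b64url(secrets.token_bytes(32))  # 43 characters, inside the 43-128 range
    query = urlencode({
        "client_id": client_id, "redirect_uri": redirect_uri, "state": state,
        "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256",
    })
    session = {"state": state, "code_verifier": verifier, "redirect_uri": redirect_uri}
    return f"{BASE}/v1/oauth2/login?{query}", session

def handle_callback(callback_url, session):
    """Return the authorization code only when the callback's state matches the stored one."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]  # assumes state is echoed back on the redirect
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: discard this callback")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def token_request(code, session, client_id, client_secret):
    """Headers and form body for POST /v1/oauth2/token (built here, not sent)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": session["redirect_uri"],  # must match the login request
                      "code_verifier": session["code_verifier"]})
    return headers, body
```

Keep the session dictionary server-side and bound to the user's browser session; `client_secret` and `code_verifier` should never reach the front end.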
Refresh Access Token
Use this endpoint to refresh your access token using the refresh token provided during authentication.
Endpoint:
POST /v1/oauth2/token
Headers:
Authorization: Basic {base64_encoded_client_id:client_secret}
Request Body:
Content-Type: application/json
Request Payload:
{
"grant_type": "refresh_token",
"refresh_token" : "eyJjdHkiOiJKV1Q..."
}
Content-Type: application/x-www-form-urlencoded
Request Payload:
grant_type=refresh_token&refresh_token=eyJjdHkiOiJKV1Q...
Response (Success):
{
"access_token" : "eyJraWQiOiJLVk....",
"expires_in" : 86400,
"id_token" : "eyJraWQiOi....",
"token_type" : "Bearer"
}
Response (Failure):
{
"error_description" : "error message",
"error": "error code"
}