Select an active tenant | API Reference

Authorization

Descope Project ID:Refresh JWT

AuthorizationBearer <token>

Project ID:Refresh JWT as bearer token.

In: header

Request Body

application/json

tenant?string

Set the active tenant for the user's current session

This endpoint allows you to get a new session token and refresh token with the dct claim on the JWT which shows the active selected tenant for the user.

See Tenant Selection Article for more details of the usage.

curl -X POST "https://api.descope.com/v1/auth/tenant/select" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://api.descope.com/v1/auth/tenant/select" \  -H "Content-Type: application/json" \  -d '{}'

ResponseOK

{
  "sessionJwt": "string",
  "refreshJwt": "string",
  "cookieDomain": "string",
  "cookiePath": "string",
  "cookieMaxAge": 0,
  "cookieExpiration": 0,
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string",
        "permissions": [
          "string"
        ]
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {
      "attribute-key": "attribute-value"
    },
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true,
    "SCIM": true,
    "push": true,
    "permissions": [
      "string"
    ],
    "OIDC": true,
    "consentExpiration": 0
  },
  "firstSeen": true,
  "idpResponse": {
    "samlResponse": "string",
    "samlGeneratedUser": "string",
    "samlGeneratedRoles": "string",
    "oidcResponse": "string",
    "oidcGeneratedUser": "string",
    "oidcGeneratedRoles": "string",
    "idpGroups": [
      "string"
    ],
    "idpSAMLAttributes": false,
    "idpOIDCClaims": {}
  },
  "sessionExpiration": 0,
  "externalToken": "string",
  "claims": {},
  "tenantSSOID": "string",
  "trustedDeviceJwt": "string",
  "nextRefreshSeconds": 0,
  "cookieName": "string",
  "sessionCookieName": "string",
  "sessionCookieDomain": "string"
}

{  "sessionJwt": "string",  "refreshJwt": "string",  "cookieDomain": "string",  "cookiePath": "string",  "cookieMaxAge": 0,  "cookieExpiration": 0,  "user": {    "loginIds": [      "string"    ],    "userId": "string",    "name": "string",    "email": "string",    "phone": "string",    "verifiedEmail": true,    "verifiedPhone": true,    "roleNames": [      "string"    ],    "userTenants": [      {        "tenantId": "string",        "roleNames": [          "string"        ],        "tenantName": "string",        "permissions": [          "string"        ]      }    ],    "status": "string",    "externalIds": [      "string"    ],    "picture": "string",    "test": false,    "customAttributes": {      "attribute-key": "attribute-value"    },    "createdTime": 0,    "TOTP": false,    "SAML": false,    "OAuth": {      "property1": false,      "property2": false    },    "webauthn": true,    "password": true,    "ssoAppIds": [      "string"    ],    "givenName": "string",    "middleName": "string",    "familyName": "string",    "editable": true,    "SCIM": true,    "push": true,    "permissions": [      "string"    ],    "OIDC": true,    "consentExpiration": 0  },  "firstSeen": true,  "idpResponse": {    "samlResponse": "string",    "samlGeneratedUser": "string",    "samlGeneratedRoles": "string",    "oidcResponse": "string",    "oidcGeneratedUser": "string",    "oidcGeneratedRoles": "string",    "idpGroups": [      "string"    ],    "idpSAMLAttributes": false,    "idpOIDCClaims": {}  },  "sessionExpiration": 0,  "externalToken": "string",  "claims": {},  "tenantSSOID": "string",  "trustedDeviceJwt": "string",  "nextRefreshSeconds": 0,  "cookieName": "string",  "sessionCookieName": "string",  "sessionCookieDomain": "string"}

TypeScript

/**
 * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message
 */
export interface Response {
sessionJwt?: string
refreshJwt?: string
cookieDomain?: string
cookiePath?: string
cookieMaxAge?: number
cookieExpiration?: number
user?: {
loginIds?: string[]
userId?: string
name?: string
email?: string
phone?: string
verifiedEmail?: boolean
verifiedPhone?: boolean
roleNames?: string[]
userTenants?: UserTenants[]
status?: string
externalIds?: string[]
picture?: string
test?: boolean
/**
 * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays.
 */
customAttributes?: {
[k: string]: string
}
createdTime?: number
TOTP?: boolean
SAML?: boolean
OAuth?: {
[k: string]: boolean
}
webauthn?: boolean
password?: boolean
ssoAppIds?: string[]
givenName?: string
middleName?: string
familyName?: string
editable?: boolean
SCIM?: boolean
push?: boolean
permissions?: string[]
OIDC?: boolean
consentExpiration?: number
}
firstSeen?: boolean
idpResponse?: IDPResponse
sessionExpiration?: number
externalToken?: string
claims?: {

}
tenantSSOID?: string
trustedDeviceJwt?: string
nextRefreshSeconds?: number
cookieName?: string
sessionCookieName?: string
sessionCookieDomain?: string
}
export interface UserTenants {
tenantId?: string
roleNames?: string[]
tenantName?: string
permissions?: string[]
}
export interface IDPResponse {
samlResponse?: string
samlGeneratedUser?: string
samlGeneratedRoles?: string
oidcResponse?: string
oidcGeneratedUser?: string
oidcGeneratedRoles?: string
idpGroups?: string[]
idpSAMLAttributes?: boolean
idpOIDCClaims?: {

}
}

/** * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message */export interface Response {sessionJwt?: stringrefreshJwt?: stringcookieDomain?: stringcookiePath?: stringcookieMaxAge?: numbercookieExpiration?: numberuser?: {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: number}firstSeen?: booleanidpResponse?: IDPResponsesessionExpiration?: numberexternalToken?: stringclaims?: {}tenantSSOID?: stringtrustedDeviceJwt?: stringnextRefreshSeconds?: numbercookieName?: stringsessionCookieName?: stringsessionCookieDomain?: string}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]}export interface IDPResponse {samlResponse?: stringsamlGeneratedUser?: stringsamlGeneratedRoles?: stringoidcResponse?: stringoidcGeneratedUser?: stringoidcGeneratedRoles?: stringidpGroups?: string[]idpSAMLAttributes?: booleanidpOIDCClaims?: {}}

Was this helpful?