Choose a version:

fetchTokensForUser

mutation

Fetch an OAuth Access and Refresh Token pair for a user. Exactly one of publicId or consentToken must be provided.

When publicId is provided, the user's existing connection with the client is verified and tokens are issued for the consented scope.

When consentToken is provided — a signed JWT from a Sign in with Shop flow granting delegated consent from a merchant's buyer connection to this partner — the token is verified, a delegated user connection is established, and tokens are issued for the delegated scope.

Anchor to Arguments

Arguments

Anchor to consentTokenconsentToken •String: Signed JWT consent token from a Sign in with Shop flow granting delegated access. Required when not providing a public ID.
Anchor to publicIdpublicId •String: The public ID of the user. Required when not providing a consent token.

Was this section helpful?

Anchor to FetchTokensForUserPayload returnsFetchTokensForUserPayload returns

Anchor to accessTokenaccessToken •String: AccessToken for Users API.
Anchor to expiresInexpiresIn •Int: Access Token TTL in Seconds.
Anchor to publicIdpublicId •String: The public ID of the user.
Anchor to refreshTokenrefreshToken •String: RefreshToken for Partners API used to get new AccessTokens.
Anchor to scopescope •String: The scope of the access token as issued (RFC 6749 §5.1).
Anchor to tokenTypetokenType •String: Token type, always Bearer.
Anchor to userErrorsuserErrors •[FetchTokensForUserUserError!]! non-null: List of errors that occured while executing the mutation.

Was this section helpful?

Examples

fetchTokensForUser reference

Mutation Reference

mutation fetchTokensForUser($consentToken: String, $publicId: String) {

fetchTokensForUser(consentToken: $consentToken, publicId: $publicId) {

accessToken

expiresIn

publicId

refreshToken

scope

tokenType

userErrors {

field

message

}

Input

{

"consentToken": "<your-consentToken>",

"publicId": "<your-publicId>"

}