All URLs below use the COSMIC Auth API host https://api.natecosmic.com. For onboarding and troubleshooting, see the OAuth guide.

Authorize

GET https://api.natecosmic.com/auth/v1/oauth/authorize
Query parameters
  • response_type — use code for the authorization code flow
  • client_id — from the developer portal
  • redirect_uri — must exactly match a registered URI for the client
  • code_challenge — PKCE challenge
  • code_challenge_method — use S256 with code_challenge
  • state — strongly recommended (CSRF protection)
  • scope — optional; OIDC / email / profile / phone as applicable
  • nonce — optional; for OpenID Connect when using openid scope

Token

POST https://api.natecosmic.com/auth/v1/oauth/token
Content-Type: application/x-www-form-urlencoded
Authorization code grant (typical body fields)
  • grant_type=authorization_code
  • code
  • redirect_uri (same as authorize request)
  • client_id
  • code_verifier — required when PKCE was used on authorize
Refresh grant (typical body fields)
  • grant_type=refresh_token
  • refresh_token
  • client_id (and client authentication per client type, if required)
Client authentication for confidential clients follows token_endpoint_auth_method (none, client_secret_basic, or client_secret_post).
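
The authorization code flow with PKCE from the Authorize and Token sections, as an added example (not COSMIC's own code): it derives the S256 code_challenge, builds the authorize URL, checks state on the callback and builds the token request body. The function names are hypothetical, and the client_id, redirect_uri, scope and code values are constructed placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

OAUTH_BASE = "https://api.natecosmic.com/auth/v1/oauth"  # host from this page

def s256_challenge(code_verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(client_id, redirect_uri, scope="openid email"):
    """Return (url, pending); keep `pending` tied to the user's session."""
    pending = {
        "state": secrets.token_urlsafe(32),          # CSRF binding
        "nonce": secrets.token_urlsafe(32),          # compared with the ID token's nonce
        "code_verifier": secrets.token_urlsafe(64),  # 86 chars; allowed range is 43-128
        "redirect_uri": redirect_uri,
    }
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": s256_challenge(pending["code_verifier"]),
        "code_challenge_method": "S256",
        "state": pending["state"],
        "scope": scope,
        "nonce": pending["nonce"],
    }
    return f"{OAUTH_BASE}/authorize?{urlencode(params)}", pending

def token_request_body(callback_url, pending, client_id):
    """Check the callback's state, then build the form body for the token POST."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time compare on bytes; a missing or foreign state ends the flow.
    if not hmac.compare_digest(state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch, discard this callback")
    if "code" not in query:
        raise ValueError(query.get("error", ["no code in callback"])[0])
    return urlencode({
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": pending["redirect_uri"],  # same value as on authorize
        "client_id": client_id,
        "code_verifier": pending["code_verifier"],
    })

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, pending = build_authorize_url("example-client-id", "https://app.example/callback")
    cb = f"https://app.example/callback?code=SAMPLE_CODE&state={pending['state']}"
    print(url, token_request_body(cb, pending, "example-client-id"), sep="\n")
```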

Discovery

GET https://api.natecosmic.com/auth/v1/.well-known/openid-configuration
GET https://api.natecosmic.com/auth/v1/.well-known/oauth-authorization-server

JWKS

GET https://api.natecosmic.com/auth/v1/.well-known/jwks.json

UserInfo

GET https://api.natecosmic.com/auth/v1/oauth/userinfo
Authorization: Bearer <access_token>