LoginRadius DocsDocs
DocumentationAPI ReferencesSDKsChangelogs

Single Sign-On API

Introduction to OAuth, OIDC, JWT, SAML, OAuth M2M, and cross-device SSO APIs for federation and multi-application identity flows.

Overview

The Single Sign-On API is the group for federation, delegated authorization, token exchange, protocol-level SSO, and multi-application identity flows. Use this group when you are integrating standards-based SSO models such as OAuth, OpenID Connect, JWT, and SAML, or when you need service-to-service and cross-device sign-on behavior.

This group is protocol-oriented and is best approached based on the authentication model you are implementing.

What this API group covers

The current Single Sign-On API group includes:

  • OAuth
  • OIDC
  • OAuth M2M
  • JWT
  • SAML
  • Cross Device SSO

These sections cover both provider-style and consumer-style SSO interactions across web, mobile, device, and service-to-service contexts.

Available sections

OAuth

Endpoints for OAuth-based authorization, token issuance, revocation, introspection, and delegated access workflows.

OIDC

Endpoints for OpenID Connect discovery, device code, token exchange, userinfo, and OIDC-compatible identity flows.

OAuth M2M

Machine-to-machine token and authorization flows for service-to-service integrations.

JWT

JWT-based SSO flows where token generation, consumption, or token-backed identity exchange is the primary integration model.

SAML

SAML-oriented operations for federated identity scenarios where LoginRadius participates in SAML-based interoperability.

Cross Device SSO

Flows used when authentication state or identity exchange must move across devices or applications.

Common workflows

This group is commonly used for:

  • configuring standards-based delegated authorization flows
  • exchanging device or authorization codes for tokens
  • introspecting or revoking tokens
  • implementing JWT-backed SSO between applications
  • integrating SAML-based federation
  • supporting M2M access for backend services
  • handling cross-device authentication continuation

When to start here

Start with the Single Sign-On API when:

  • you are implementing protocol-driven federation
  • your integration is centered on OAuth, OIDC, JWT, or SAML
  • you need service-to-service authorization
  • you need token exchange or delegated auth flows
  • you are building cross-app or cross-device identity continuity

If you are building basic customer registration and login, start with the Authentication API first.

Next steps

  • Review the Authorization page for protocol-specific auth expectations in this group
  • Start with OAuth or OIDC for standards-based delegated authorization
  • Use JWT or SAML when the downstream integration requires those specific federation models
  • Use OAuth M2M for backend service authentication

API Overview

Understand how LoginRadius APIs are organized, which API family to start with, and how authentication works across the platform.

Authorization

Authorization guidance for Single Sign-On API operations, including API key, client ID, access tokens, bearer tokens, and protocol-specific differences.

On this page

OverviewWhat this API group coversAvailable sectionsOAuthOIDCOAuth M2MJWTSAMLCross Device SSOCommon workflowsWhen to start hereNext steps