Retrieve a user's enterprise SSO identity and associated token secret (if token storage is enabled).
This API retrieves the user's enterprise SSO identity and associated token set record from the Logto Secret Vault. The token set will only be available if token storage is enabled for the corresponding SSO connector.
GET
/api/users/{userId}/sso-identities/{ssoConnectorId}
curl \
--request GET 'https://[tenant_id].logto.app/api/users/{userId}/sso-identities/{ssoConnectorId}' \
--header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200)
{
"ssoIdentity": {
"tenantId": "string",
"id": "string",
"userId": "string",
"issuer": "string",
"identityId": "string",
"detail": {},
"createdAt": 42.0,
"updatedAt": 42.0,
"ssoConnectorId": "string"
},
"tokenSecret": {
"tenantId": "string",
"id": "string",
"userId": "string",
"type": "string",
"metadata": {
"scope": "string",
"expiresAt": 42.0,
"tokenType": "string",
"hasRefreshToken": true
},
"createdAt": 42.0,
"updatedAt": 42.0,
"ssoConnectorId": "string",
"issuer": "string",
"identityId": "string"
}
}