Retrieve social identities, enterprise SSO identities and associated token secret (if token storage is enabled) for a user.

GET /api/users/{userId}/all-identities
O auth2

This API retrieves all identities (social and enterprise SSO) for a user, along with their associated token set records from the Logto Secret Vault. The token sets will only be available if token storage is enabled for the corresponding identity connector.

Path parameters

  • userId string Required

    The unique identifier of the user.

Query parameters

  • includeTokenSecret string

    Whether to include the token secret in the response. Defaults to false. Token storage must be supported and enabled by the connector to return the token secret.

Responses

  • 200 application/json

    Returns the user's social identities, enterprise SSO identities and associated token secret.

    Hide response attributes Show response attributes object
    • socialIdentities array[object] Required

      The user's social identities.

      Hide socialIdentities attributes Show socialIdentities attributes object
      • identity object Required
        Hide identity attributes Show identity attributes object
        • userId string Required
        • details object

          arbitrary

      • tokenSecret object
        Hide tokenSecret attributes Show tokenSecret attributes object
        • tenantId string Required

          Maximum length is 21.

        • id string Required

          Minimum length is 1, maximum length is 21.

        • userId string Required

          Minimum length is 1, maximum length is 21.

        • type string("federated_token_set") Required
        • metadata object Required
          Hide metadata attributes Show metadata attributes object
          • scope string
          • expiresAt number
          • tokenType string
          • hasRefreshToken boolean Required
        • createdAt number Required
        • updatedAt number Required
        • connectorId string Required
        • identityId string Required
        • target string Required
      • target string Required
    • ssoIdentities array[object] Required

      The user's enterprise SSO identities.

      Hide ssoIdentities attributes Show ssoIdentities attributes object
      • ssoIdentity object Required
        Hide ssoIdentity attributes Show ssoIdentity attributes object
        • tenantId string Required

          Maximum length is 21.

        • id string Required

          Minimum length is 1, maximum length is 21.

        • userId string Required

          Minimum length is 1, maximum length is 12.

        • issuer string Required

          Minimum length is 1, maximum length is 256.

        • identityId string Required

          Minimum length is 1, maximum length is 128.

        • detail object Required

          arbitrary

        • createdAt number Required
        • updatedAt number Required
        • ssoConnectorId string Required

          Minimum length is 1, maximum length is 128.

      • tokenSecret object
        Hide tokenSecret attributes Show tokenSecret attributes object
        • tenantId string Required

          Maximum length is 21.

        • id string Required

          Minimum length is 1, maximum length is 21.

        • userId string Required

          Minimum length is 1, maximum length is 21.

        • type string("federated_token_set") Required
        • metadata object Required
          Hide metadata attributes Show metadata attributes object
          • scope string
          • expiresAt number
          • tokenType string
          • hasRefreshToken boolean Required
        • createdAt number Required
        • updatedAt number Required
        • ssoConnectorId string Required
        • issuer string Required
        • identityId string Required
      • ssoConnectorId string Required
  • 400

    Bad Request

  • 401

    Unauthorized

  • 403

    Forbidden

  • 404

    User not found.

GET /api/users/{userId}/all-identities 
curl \
 --request GET 'https://[tenant_id].logto.app/api/users/{userId}/all-identities' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200) 
{
  "socialIdentities": [
    {
      "identity": {
        "userId": "string",
        "details": {}
      },
      "tokenSecret": {
        "tenantId": "string",
        "id": "string",
        "userId": "string",
        "type": "string",
        "metadata": {
          "scope": "string",
          "expiresAt": 42.0,
          "tokenType": "string",
          "hasRefreshToken": true
        },
        "createdAt": 42.0,
        "updatedAt": 42.0,
        "connectorId": "string",
        "identityId": "string",
        "target": "string"
      },
      "target": "string"
    }
  ],
  "ssoIdentities": [
    {
      "ssoIdentity": {
        "tenantId": "string",
        "id": "string",
        "userId": "string",
        "issuer": "string",
        "identityId": "string",
        "detail": {},
        "createdAt": 42.0,
        "updatedAt": 42.0,
        "ssoConnectorId": "string"
      },
      "tokenSecret": {
        "tenantId": "string",
        "id": "string",
        "userId": "string",
        "type": "string",
        "metadata": {
          "scope": "string",
          "expiresAt": 42.0,
          "tokenType": "string",
          "hasRefreshToken": true
        },
        "createdAt": 42.0,
        "updatedAt": 42.0,
        "ssoConnectorId": "string",
        "issuer": "string",
        "identityId": "string"
      },
      "ssoConnectorId": "string"
    }
  ]
}