Metaplay Authen API

Standardized authentication API for Metaplay apps: login, refresh tokens, revoke sessions, and OAuth2/JWT validation.

See Quick Examples Endpoint List

Base URL

https://api.metaplay.example.com/auth

General Requirements

Content-Type: application/json
Response: JSON
Token standard: JWT, signed with RS256

POST /login

{ "username": "user@example.com", "password": "â€¢â€¢â€¢â€¢â€¢â€¢â€¢â€¢", "scope": "openid profile offline_access" }

Returns: access_token (15 minutes), refresh_token (7 days).

POST /refresh

Refresh access_token using refresh_token.

{ "refresh_token": "eyJhbGciOi..." }

POST /logout

Revoke token & close current session.

Authorization: Bearer <access_token>

GET /userinfo

Retrieve user info from access_token.

Authorization: Bearer <access_token>

Scopes

Scope	Description
`openid`	Request ID Token for login.
`profile`	Read display name, avatar, language.
`email`	Read verified email.
`offline_access`	Provide refresh token.

cURL â€¢ Login

curl -s -X POST \
  https://api.metaplay.example.com/auth/login \
  -H 'Content-Type: application/json' \
  -d '{
    "username": "user@example.com",
    "password": "secret",
    "scope": "openid profile offline_access"
  }'

JavaScript â€¢ Fetch

async function login(username, password){
  const res = await fetch('https://api.metaplay.example.com/auth/login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ username, password, scope: 'openid profile offline_access' })
  });
  if(!res.ok) throw new Error('Login failed');
  return res.json();
}

Sample JWT Payload

{
  "iss": "https://auth.metaplay.example.com",
  "sub": "user_123",
  "aud": "metaplay",
  "exp": 1719999999,
  "iat": 1719990000,
  "scope": "openid profile"
}

400 â€¢ Invalid Request

{ "error": "invalid_request", "error_description": "Missing username" }

401 â€¢ Unauthorized

{ "error": "invalid_token", "error_description": "Expired access_token" }

429 â€¢ Rate Limited

{ "error": "rate_limited", "retry_after": 15 }