Auth And Token Bootstrap
Purpose: acquire bearer tokens and verify auth endpoint behavior before calling Inbox Manager APIs.
Boundary note:
- This flow calls
auth.inbox-manager.comendpoints. - Those routes are not part of
api.inbox-manager.comOpenAPI.
UI Flow
- User opens sign-up or sign-in form.
- UI submits credentials to
https://auth.inbox-manager.com/auth/sign-upor/auth/sign-in. - UI stores returned access token and account context.
- UI requests account-scoped token via
POST /api/accounts/:account_id/tokenwhen needed. - UI uses returned token as
Authorization: Bearer <token>forapi.inbox-manager.com.
Client Library Flow
const auth = new AuthClient({ baseUrl: "https://auth.inbox-manager.com" });
const session = await auth.signIn({
email,
password,
clientId: "cid_inbox_manager",
});
const accountToken = await auth.issueAccountToken({
accountId: session.profile.active_membership.account_id,
bearerToken: session.tokens.access_token,
audience: "https://api.inbox-manager.com",
});
const api = new InboxManagerClient({
baseUrl: "https://api.inbox-manager.com",
bearerToken: accountToken.access_token,
});HTTP/curl Flow
AUTH_BASE_URL="https://auth.inbox-manager.com"
ORIGIN="https://app.inbox-manager.com"
CLIENT_ID="cid_inbox_manager"
curl -sS "${AUTH_BASE_URL}/.well-known/jwks.json"
curl -sS -X POST "${AUTH_BASE_URL}/auth/sign-in" \
-H "origin: ${ORIGIN}" \
-H "content-type: application/json" \
--data "{\"client_id\":\"${CLIENT_ID}\",\"email\":\"${EMAIL}\",\"password\":\"${PASSWORD}\",\"csrf_token\":\"${CSRF_TOKEN}\"}"
curl -sS -X POST "${AUTH_BASE_URL}/api/accounts/${ACCOUNT_ID}/token" \
-H "authorization: Bearer ${ACCESS_TOKEN}" \
-H "content-type: application/json" \
--data '{"audience":"https://api.inbox-manager.com"}'Validation Script
scripts/auth_probe.shscripts/auth_bootstrap_accounts.sh