OAuth42 - Modern Authentication Infrastructure

WebSocket Connection

Connection URL

wss://ws.oauth42.com/events

Connect to the WebSocket server using your access token for authentication.

Connection Example (JavaScript)

const ws = new WebSocket(
  'wss://ws.oauth42.com/events?token=' + accessToken
);

ws.onopen = () => {
  console.log('WebSocket connected');
};

ws.onmessage = (event) => {
  const message = JSON.parse(event.data);
  handleEvent(message);
};

ws.onerror = (error) => {
  console.error('WebSocket error:', error);
};

ws.onclose = () => {
  console.log('WebSocket disconnected');
};

Message Format

All WebSocket messages follow a consistent JSON format:

{
  "type": "event_type",
  "timestamp": "2025-01-15T12:00:00Z",
  "data": {
    // Event-specific data
  }
}

Authentication Events

user.login

Fired when a user successfully logs in.

{
  "type": "user.login",
  "timestamp": "2025-01-15T12:00:00Z",
  "data": {
    "user_id": "user_12345",
    "email": "[email protected]",
    "ip_address": "203.0.113.0",
    "device": "Chrome on MacOS",
    "location": "San Francisco, CA",
    "mfa_used": true
  }
}

user.login.failed

Fired when a login attempt fails.

{
  "type": "user.login.failed",
  "timestamp": "2025-01-15T12:05:00Z",
  "data": {
    "email": "[email protected]",
    "reason": "invalid_credentials",
    "ip_address": "203.0.113.42",
    "device": "Firefox on Windows"
  }
}

user.logout

Fired when a user logs out.

{
  "type": "user.logout",
  "timestamp": "2025-01-15T14:00:00Z",
  "data": {
    "user_id": "user_12345",
    "session_id": "session_abc123"
  }
}

session.revoked

Fired when a user session is revoked.

{
  "type": "session.revoked",
  "timestamp": "2025-01-15T15:00:00Z",
  "data": {
    "user_id": "user_12345",
    "session_id": "session_abc123",
    "reason": "manual_revocation",
    "revoked_by": "user_self"
  }
}

Token Events

token.issued

Fired when new access or refresh tokens are issued.

{
  "type": "token.issued",
  "timestamp": "2025-01-15T12:00:00Z",
  "data": {
    "user_id": "user_12345",
    "client_id": "client_abc123",
    "token_type": "access_token",
    "scopes": ["openid", "profile", "email"],
    "expires_in": 3600
  }
}

token.refreshed

Fired when an access token is refreshed.

{
  "type": "token.refreshed",
  "timestamp": "2025-01-15T13:00:00Z",
  "data": {
    "user_id": "user_12345",
    "client_id": "client_abc123",
    "old_token_id": "token_old123",
    "new_token_id": "token_new456"
  }
}

token.revoked

Fired when a token is revoked.

{
  "type": "token.revoked",
  "timestamp": "2025-01-15T14:00:00Z",
  "data": {
    "user_id": "user_12345",
    "token_type": "refresh_token",
    "token_id": "token_abc123",
    "reason": "user_logout"
  }
}

User Events

user.created

Fired when a new user account is created.

{
  "type": "user.created",
  "timestamp": "2025-01-15T10:00:00Z",
  "data": {
    "user_id": "user_67890",
    "email": "[email protected]",
    "email_verified": false
  }
}

user.updated

Fired when user profile information is updated.

{
  "type": "user.updated",
  "timestamp": "2025-01-15T11:00:00Z",
  "data": {
    "user_id": "user_12345",
    "fields_updated": ["name", "picture"],
    "updated_by": "user_self"
  }
}

user.deleted

Fired when a user account is deleted.

{
  "type": "user.deleted",
  "timestamp": "2025-01-15T16:00:00Z",
  "data": {
    "user_id": "user_67890",
    "email": "[email protected]",
    "deleted_by": "admin_user123"
  }
}

user.email.verified

Fired when a user verifies their email address.

{
  "type": "user.email.verified",
  "timestamp": "2025-01-15T10:30:00Z",
  "data": {
    "user_id": "user_67890",
    "email": "[email protected]"
  }
}

MFA Events

mfa.enabled

Fired when MFA is enabled for a user.

{
  "type": "mfa.enabled",
  "timestamp": "2025-01-15T09:00:00Z",
  "data": {
    "user_id": "user_12345",
    "method": "totp"
  }
}

mfa.disabled

Fired when MFA is disabled for a user.

{
  "type": "mfa.disabled",
  "timestamp": "2025-01-15T17:00:00Z",
  "data": {
    "user_id": "user_12345",
    "disabled_by": "user_self"
  }
}

mfa.backup_code.used

Fired when a backup code is used for authentication.

{
  "type": "mfa.backup_code.used",
  "timestamp": "2025-01-15T18:00:00Z",
  "data": {
    "user_id": "user_12345",
    "remaining_codes": 4
  }
}

OAuth Client Events

client.created

Fired when a new OAuth client is created.

{
  "type": "client.created",
  "timestamp": "2025-01-15T08:00:00Z",
  "data": {
    "client_id": "client_xyz789",
    "client_name": "New Application",
    "created_by": "user_12345"
  }
}

client.updated

Fired when an OAuth client is updated.

{
  "type": "client.updated",
  "timestamp": "2025-01-15T09:00:00Z",
  "data": {
    "client_id": "client_xyz789",
    "fields_updated": ["redirect_uris", "scopes"],
    "updated_by": "user_12345"
  }
}

client.secret.rotated

Fired when a client secret is rotated.

{
  "type": "client.secret.rotated",
  "timestamp": "2025-01-15T10:00:00Z",
  "data": {
    "client_id": "client_xyz789",
    "rotated_by": "user_12345"
  }
}

client.deleted

Fired when an OAuth client is deleted.

{
  "type": "client.deleted",
  "timestamp": "2025-01-15T19:00:00Z",
  "data": {
    "client_id": "client_xyz789",
    "client_name": "Old Application",
    "deleted_by": "user_12345"
  }
}

Connection Management

Heartbeat

Server sends ping messages every 30 seconds to keep connection alive:

{
  "type": "ping",
  "timestamp": "2025-01-15T12:00:00Z"
}

Client should respond with a pong message:

ws.send(JSON.stringify({
  "type": "pong"
}));

Subscribe to Events

Subscribe to specific event types after connecting:

ws.send(JSON.stringify({
  "type": "subscribe",
  "events": [
    "user.login",
    "user.logout",
    "token.revoked"
  ]
}));

Error Messages

Server sends error messages when issues occur:

{
  "type": "error",
  "timestamp": "2025-01-15T12:00:00Z",
  "data": {
    "code": "authentication_failed",
    "message": "Invalid or expired access token"
  }
}

Complete Implementation Example

class OAuth42WebSocket {
  constructor(accessToken) {
    this.ws = new WebSocket(
      `wss://ws.oauth42.com/events?token=${accessToken}`
    );
    this.setupEventHandlers();
  }

  setupEventHandlers() {
    this.ws.onopen = () => {
      console.log('Connected to OAuth42 WebSocket');

      // Subscribe to specific events
      this.subscribe([
        'user.login',
        'user.logout',
        'token.revoked',
        'mfa.enabled'
      ]);
    };

    this.ws.onmessage = (event) => {
      const message = JSON.parse(event.data);

      switch (message.type) {
        case 'ping':
          this.pong();
          break;
        case 'user.login':
          this.handleUserLogin(message.data);
          break;
        case 'token.revoked':
          this.handleTokenRevoked(message.data);
          break;
        case 'error':
          this.handleError(message.data);
          break;
        default:
          console.log('Unhandled event:', message);
      }
    };

    this.ws.onerror = (error) => {
      console.error('WebSocket error:', error);
    };

    this.ws.onclose = () => {
      console.log('WebSocket disconnected');
      // Implement reconnection logic here
    };
  }

  subscribe(events) {
    this.ws.send(JSON.stringify({
      type: 'subscribe',
      events: events
    }));
  }

  pong() {
    this.ws.send(JSON.stringify({ type: 'pong' }));
  }

  handleUserLogin(data) {
    console.log('User logged in:', data);
    // Handle login event
  }

  handleTokenRevoked(data) {
    console.log('Token revoked:', data);
    // Redirect to login or refresh token
  }

  handleError(data) {
    console.error('WebSocket error:', data);
    // Handle error appropriately
  }

  close() {
    this.ws.close();
  }
}

// Usage
const ws = new OAuth42WebSocket(accessToken);

// Clean up on unmount
// ws.close();

Next Steps

Authentication API

OAuth 2.0 and OpenID Connect endpoints

Management API

User and client management endpoints

Tokens & Sessions

Learn about token lifecycle and session management

WebSocket Events