Get Pre-Login Metadata
GET/token-srv/prelogin/metadata/:track_id
This API retrieves prelogin metadata for a given track ID. It provides information about which prechecks are required and what user interactions are needed to complete the authentication flow.
The track ID is generated when a precheck is required during the authentication process. This endpoint is used to:
- Determine which prechecks need to be fulfilled (e.g., group selection, scope consent, missing fields, MFA)
- Get metadata about the required precheck (e.g., selectable groups, missing fields, available MFA methods)
- Understand what actions the user needs to take before the token can be issued
Important Notes:
- Only prelogin sessions created within the last hour are considered valid
- If the track_id is not found or expired, the endpoint returns HTTP 204 (No Content)
- The track_id must be a valid UUID format
This endpoint is critical for precheck flows including:
- Group Selection
- Scope Consent
- Claim Consent
- Progressive Profiling (Missing Required Fields)
- MFA Requirements
- Suggest Verification Methods
- Communication Medium Verification
- User Scheduled Deletion
- Password Change
- Common Consent
- Site Consent
- Login Success Page
- Login SPI Required
Request
Responses
- 200
- 204
- 400
Successfully retrieved prelogin metadata
Track ID not found, expired, or already used
Bad Request - Invalid track_id format