Introduction

This is a non-standard authentication grant type to allow authenticating with the service using a signed JWT from a STB device including a signed public key certificate. This process is described in more detail here: /wiki/spaces/BPLAT/pages/38550375

This flow requires that the STB device has been provisioned to the user before attempting to authenticate.

User flow

1. The client obtains a signed token from the device Entone API.
2. The user calls the access_tokens endpoint with the stb_pwless grant type, providing the token from the Entone API as credentials.
3. If successful, the user receives a normal login response and can now use the service using the access tokens provided.

Migration guide

This method replaces the /api/stb/auth endpoint. The token parameter from the old endpoint is provided to the new access_tokens endpoint in in the POST body, under the "credentials" field. The grant type works like any other login mechanism in all other aspects.