Routes

Definition for all the routes

GET /user/@self/profile

scope: profile

Retrievies basic user profile. Includes email if email scope is set.

response

  • id - user’s ID
  • nickname - user’s nickname
  • displayName - user’s display name
  • avatar - user’s avatar URL
  • registration - user’s registration date (ISO date)
  • email - user’s email (requires email scope)
  • permissions - the user’s bit permissions.
  • tfa - whether the user has 2FA active or not.
  • address - the user’s address (requires address scope)
  • names - contains JSON object with first, last, full (display name) and list (array of strings of all names) (requires full_name scope)
  • birth - the user’s birth date (ISO date) (requires birth scope)
  • occupation - the user’s occupation (requires occupation scope)
  • role - user’s role in occupation (requires occupation scope)

DELETE /user/@self/login

internal

Logs out current user

response

  • done - always true

PATCH /user/@self/profile

tfa scope: profile_update

Edits the user profile.

request

  • nickname - user’s nickname
  • displayName - user’s display name
  • names - same as in profile (requires full_name scope)
  • avatar - user’s avatar URL
  • email - user’s email (requires email scope; internal only)
  • tfa - false or 2fa secret. (internal only)
  • tfaCode - 2fa code, when 2fa was turned on. (internal only)
  • birth - user’s birth date (internal only)
  • occupation - user’s occupation (internal only)
  • role - user’s role (internal only)

response

(2fa off or unchanged)

  • done - true

response

(2fa turned on)

  • done - true
  • backupCodes - array of strings of backup codes for 2FA.

GET /users/list

internal

Jem supports multiple accounts at once. This endpoint is used by internal apps to allow changing the currently ‘active’ user.

response

  • loged - Loged in users, array of objects in the same format as profile.
  • expired - Expired users, array of objects in the same format as profile.

GET /user/@self/accounts

Retrievies a list of connected accounts. Requires the accounts scope. Includes email if email scope is set.

response

Array of the following object:

  • platform - The platforms name (might be duplicate in the array)
  • id - The ID of the user on the platform (string; depends on platform)
  • username - The username of the user on the platform
  • avatar - User’s avatar (profile picture) on the platform
  • email - The email of the user on the platform (requires email scope, may be missing).

GET /user/@self/token

internal

Returns access token without refresh token (use this endpoint again). Request cannot be scoped.

request

  • scopes - The required scopes

response

  • token - The access token
  • expires_in - When the token expires in seconds, defaults to one week.

GET /account/:platform/:id

scope: accounts

Returns the single acount. Requires accounts scope on account owner. Returns not found when user doesn’t have access to account.

response

  • username - The username of the user on the platform
  • email - The email of the user on the platform (requires email scope, may be missing)

GET /account/:platform/:id

scope: accounts internal

Disconnects the account from current user, removing it from Jem.

response

  • done - always true

GET /user/@self/applications/connections

scope: applications

Returns a list of connected (authorized) applications.

response

  • id- app ID
  • owner - owner ID
  • name - Application name
  • description - Application description
  • icon - Application icon
  • scopes - List of scopes the user has authorized
  • createdAt - The date at which the authorization was first set (if scopes were updated later, this field doesn’t change).

DELETE /user/@self/applications/connections/:id

tfa scope: applications internal

Removes the connection and the application authorization.

GET /user/@self/applications

scope: applications internal

Returns a list of applications owned by user.

response

  • id - App’s ID
  • owner - The ID of owner (user ID)
  • name - Applications name
  • description - The description of the application
  • icon - The icon of the application
  • callbacks - List of URLs that can be used for callbacks
  • allowImplicit - Whether implicit tokens are supported or not
  • internal - Whether the app is internal or not
  • domains - List of domains (used by internal apps)

GET /user/@self/application/:id

scope: applications internal

Returns single application

response

  • id - App’s ID (used as public key)
  • owner - The ID of owner (user ID)
  • name - Applications name
  • description - The description of the application
  • icon - The icon of the application
  • callbacks - List of URLs that can be used for callbacks
  • allowImplicit - Whether implicit tokens are supported or not
  • internal - Whether the app is internal or not
  • domains - List of domains (used by internal apps)
  • secret - The applications secret

DELETE /user/@self/applications/:id

tfa scope: applications internal

Deletes owned application

response

  • done - always true, else error

POST /user/@self/applications

permission: CREATE_APPS internal scope: applications

Creates a new application. Other fields can be updated using PATCH method.

request

  • name - The application’s name. Alphanumeric 3 to 32 characters.

PATCH /user/@self/applications

internal scope: applications

Updates application. All fields are optional, those that are set will overwrite old values.

request

  • name - The application’s name. Alphanumerical, 3 to 32 characters.
  • description - The application’s description. Max 256 characters.
  • icon - The icon of the application
  • callbacks - List of usable callback URLs
  • allowImplicit - Whether implicit grant is available
  • internal - Whether app is internal or not (requires user to have CREATE_INTERNAL permission)
  • domains - The domains to be used with internal applications.
  • secret - A boolean whether to regenerate secret or not. Regenerating invalidates old secrets.

GET /platforms

Returns list of platforms.

response

  • name - Platform’s name
  • displayName - Platform’s display name
  • color - Platform’s base color
  • bg - Platform’s background color
  • icon - Platform’s icon, as URL.

GET /oauth/:platform/login

internal

Redirects user to login using specified platform. After the user logs in, redirects to redirect_uri

Scopes parameter is ignored, includes all scopes by default. If user has 2FA, user will be first asked to fill 2FA on Jem before being redirected back.

When user logins for the first time, will get redirected to Jem to fill their account and finish registration before going back.

get

  • client_id - The application that wants to login. Must be internal application. Empty for Jem frontend.
  • redirect_uri - Where to redirect back. Must be URL registered with the application.
  • state - The state that will be sent back.
  • response_type - code or token, as in OAuth

GET /oauth/:platform/callback

internal

Used as callback to given platform’s OAuth2 callback. Not to be used by any clients. Requires state cookie. Redirects to redirect_uri. Not callable directly.

GET /oauth/state

internal

Gets state data (simple info about the account user is trying to connect).

response

  • username the account’s username
  • sub sub text (the numbers in discord, for example)
  • email
  • id account id
  • platform

DELETE /oauth/state

internal

Deletes current state info, effectively cancelling account connection

POST /oauth/:platform/confirm

internal

Used after user confirms their choice to connect account, create a new account or similar.

If you want to set other fields, PATCH /user/@self/profile or PATCH INTERNAL after account creation.

cookie

state

request

  • account - Jem account to connect the platform account to. Null (explicit null) to create new account.

rest only if creating new account:

  • nickname - Nickname of choice of the user
  • displayName - Display name, if different from nickname

response

See /user/@self/profile.

POST /oauth/authorize/:client

Authorizes the application (:client is application ID).

get

  • scope - The allowed scopes
  • redirect_uri - The selected redirect uri
  • state - State the app sent
  • type - Response type

response

  • uri - URI to redirect to

GET /user/@self/firebase/token

internal returns: - `token` - JWT signed token that can be used with firebase. Custom Id is User ID. No custom claims.

Returns the signed firebase token

GET /user/@self/supabase/token

returns: - `token` - JWT signed token that can be used with supabase.

Returns signed supabase token.

User ID won’t exist in the users table, but RLS will still be usable.

Expiration time is set to 2 hours.