Skip to main content

The OAuth 2.0 Token Endpoint

This endpoint is used by your application to obtain an access token or a refresh token. It is used by all flows except for the Implicit Flow because in that case an access token is issued directly.

  1. In the Client Credentials Flow, the application authenticates using a set of credentials and then gets an access token.
  2. In the Authorization Code Flow, the application exchanges an authorization code for an access token.
  3. In the Refresh Token Flow, the application uses a refresh token to obtain a new access token.
Request Body
    client_id string

    The client identifier issued to the client during the registration process

    code string

    The authorization code received from the authorization server

    grant_type string required

    Possible values: [client_credentials, authorization_code, refresh_token]

    The grant type of the token request

    redirect_uri string

    The redirect URI used in the initial authorization request

    refresh_token string

    The refresh token issued to the client

    scope string

    The scope of the access request

Responses

Successful token exchange

Schema
    access_token string

    The access token issued by the authorization server.

    expires_in int64

    The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated.

    id_token string

    To retrieve a refresh token request the id_token scope.

    refresh_token string

    The refresh token, which can be used to obtain new access tokens. To retrieve it add the scope "offline" to your access token request.

    scope string

    The scope of the access token

    token_type string

    The type of the token issued

    expires_at date-time

    The date and time when the access token expires, in ISO 8601 format

Loading...