Paths
/token
Request Access Tokens
This endpoint allows requesting an access token following one of the flows below:
- Authorization Code (exchange code for access token)
- Client Credentials (2-legged, there isnt resource owner information)
- Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
- Refresh Token (exchange refresh token for a new access code)
The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type.
Client authentication:
- Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter.
- Public clients should send their client_id as formData parameter.
grant_type | code | client_credentials | password | refresh_token |
---|---|---|---|---|
client_id | required | required | required | required | ||
client_secret | required | required | required | required | ||
code | required | |||
redirect_uri | required | |||
username | required | |||
password | required | |||
scope | optional | optional | ||
refresh_token | required |
The implicit grant requests, see /oauth2/authorize.
Type of grant
{
"enum": [
"authorization_code",
"password",
"client_credentials",
"refresh_token"
]
}
Application client ID, can be provided in formData or using HTTP Basic Authentication
Application secret, must be provided in formData or using HTTP Basic Authentication
Authorization code provided by the /oauth2/authorize endpoint
required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical.
Resource owner username
Resource owner password
Scope being requested
The refresh token that the client wants to exchange for a new access token (refresh_token grant_type)
json document containing token, etc.
json document that may contain additional details about the failure
Definitions
{
"type": "object",
"additionalProperties": false,
"required": [
"token_type",
"access_token",
"expires_in"
],
"properties": {
"token_type": {
"enum": [
"bearer"
]
},
"access_token": {
"type": "string"
},
"expires_in": {
"type": "integer"
},
"scope": {
"type": "string"
},
"refresh_token": {
"type": "string"
}
}
}