| URL | https://<baseurl>/oauth/token | ||
|---|---|---|---|
| Request method | POST with parameters as application/x-www-form-urlencoded data | ||
| Client authentication | See supported methods | Authentication | Basic |
| Request parameters | See below | ||
| Response elements | See below | ||
| Example | See below |
...
The Authorization Code is contained in the foregoing response from the Authorize endpoint. The practise to exchange an Authorization Code for an Access Token applies for Autorization Code flow and Hybrid flow. The Access Token is used for subsequent access to Protected Resources Value Added Services (VAS), among them resources behind the Userinfo (TINFO) endpoint.
Refresh Tokens are currently not supported.
...
The following example shows a request / response pair for the Token endpoint at the BankID pilot in pre-production. The example is generated from Postman (which is configured as a client at the OIDC Provider). The value for the authorization code in the request (code=b860604adbf40f6c53a797290916771) is taken from the corresponding example for the Authorize endpoint.
...