This end-point is used for exchanging an authorization_code with an access_token. The access_token is used for accessing resources like userinfo and potential other resource servers. The access_code exchanged was created by the authorization endpoint with a response_type containing "code"

The request should be a POST with parameters sent as "application/x-www-form-urlencoded" data.

Input:

• code=<value from authorization>
• grant_type=authorization_code
• redirect_uri=<redirect_uri used in authorization request>

Return is a JSON structure with name/value pairs.

1. An access_token is required to enable the OIDC Client to get Additional Information by requesting the UserInfo endpoint. This currently only concerns the Norwegian National Identity Number (nnin) in case of BankID. To get access to nnin  the authorization request scope must contain "nnin" and return type should be "code id_token". The response body, from point 2, will additionally contain an autorization_code. This authorization_code is used to call the Token endpoint (client_id and client_secret is used for basic authentication of the request) to obtain an access_token.
2. Use the access_token in the authorization header as a "Bearer" token to request the UserInfo endpoint. The response will contain a JSON structure which is much like the id_token, but with addition of "nnin" (client must be approved to use scope "nnin").

Parameters