Endpoint (standard) | |
---|---|
URL | https://<baseurl>/oauth/token |
Request | POST with parameters as application/x-www-form-urlencoded data |
Authentication | Basic |
Token is a standard endpoint used for exchanging an Authorization Code with an Access Token or to Refresh a previously received Access Token.
The Authorization Code is contained in the foregoing response from the Authorize endpoint. The practise to exchange an Authorization Code for an Access Token applies for Autorization Code flow and Hybrid flow. The Access Token is used for subsequent access to Protected Resources, among them resources behind the Userinfo endpoint.
Refresh Tokens are currently not supported.
Name | Support | Description |
---|---|---|
grant_type | Grant type is always authorization_code | |
code | Value from response of the foregoing Authorize request | |
redirect_uri | Redirect URI used in the foregoing Authorize request | |
client_id | Not supported since the OIDC clients must always authenticate |
Name | Support | Description |
---|---|---|
client_id | Currently not supported | |
client_secret | Currently not supported | |
grant_type | Grant type is always refresh_token | |
refresh_token | Currently not supported | |
scope | Currently not supported |
Response elements
Return is a JSON structure with name/value pairs.