URL | https://<baseurl>/oidc/oauth/token |
---|---|
Request | POST with parameters as application/x-www-form-urlencoded data |
Authentication | Basic |
Request parameters | See below |
Response elements | See below |
Example | See below |
Token is a standard endpoint used for exchanging an Authorization Code with an Access Token or to Refresh a previously received Access Token.
The Authorization Code is contained in the foregoing response from the Authorize endpoint. The practise to exchange an Authorization Code for an Access Token applies for Autorization Code flow and Hybrid flow. The Access Token is used for subsequent access to Protected Resources, among them resources behind the Userinfo endpoint.
Refresh Tokens are currently not supported.
Request parameters
Request parameters are different for Access Token requests and Refresh Token requests.
Access Token request
Name | Support | Description |
---|---|---|
grant_type | Grant type is always authorization_code | |
code | Value from response of the foregoing Authorize request | |
redirect_uri | Redirect URI used in the foregoing Authorize request | |
client_id | Not supported since the OIDC clients must always authenticate |
Refresh Token request
Refresh Tokens are currently not supported.
Response elements
Reponses are different for Access Token requests and Refresh Token requests.
Access Token response
The response is a JSON structure according to standard that contains an Access Token along with associated attributes. An ID Token associated with the authenticated end-user is also contained in the response. The token_type
attribute is given by the type of token "negotiated" with the OIDC Provider in the foregoing Authorize request. The OIDC Provider uses the authorization code
contained in the Access Token request to lookup the type of token "negotiated" for corresponding session in progress.
The inclusion of Refresh Tokens in the Acces Token response is currently not supported.
Refresh Token response
Refresh Tokens are currently not supported.
Example
x
y