...
Access Token Endpoint
The access token endpoint is used by the client to request access tokens. Every client must be registered through the Management API before it can request an access token; token requests from unregistered clients are rejected. See the Client Registration section above for more information.
Every registered client is assigned a client_id and a client_secret by the Authorization Server, and an access token can only be requested with that pair of client credentials.
The access token is requested at the Access Token URI that was configured with the access-token-uri parameter.
Example - Access Token URI:
If the access-token-uri parameter value was configured to /token, the access token endpoint would be: http(s)://hostname:port/token
The client requests an access token at the access token endpoint as follows:
- Set the "client_id" and "client_secret" as the username and password respectively in the HTTP Basic Authentication header.
- Set the "grant_type" parameter in the HTTP request entity-body using the "application/x-www-form-urlencoded" format. The value MUST be "client_credentials".
- If the client does not support HTTP Basic Authentication, the "client_id" and "client_secret" can instead be sent in the "application/x-www-form-urlencoded" HTTP request entity-body, using the "client_id" and "client_secret" parameter names respectively.
Example - Using HTTP Basic Authentication header:
HTTP access token request specifying client_id and client_secret in the HTTP Basic Authentication header:
```http
POST /token HTTP/1.1
Host: oauth2.server.com
Authorization: Basic WUN1SVBZVmEwR3J5ZWJwem5pQVpVNVZHcXllX2R4QkdkY1hJOk9meTEtUWZPM3lyRllkazNkajFwbU0zMEdLVnJlOVE2Yk1rNlY3WUlSbXFHSHdhaWpR
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
```
Example - Using application/x-www-form-urlencoded in the HTTP request entity-body:
HTTP access token request specifying client_id and client_secret in the application/x-www-form-urlencoded HTTP request entity-body:
```http
POST /token HTTP/1.1
Host: oauth2.server.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=YCuIPYVa0GryebpzniAZU5VGqye_dxBGdcXI&client_secret=Ofy1-QfO3yrFYdk3dj1pmM30GKVre9Q6bMk6V7YIRmqGHwaijQ
```
A successful access token response carries the following parameters in the entity-body of the HTTP response, with a 200 (OK) status code:
entity-body parameter | Description
---|---
access_token | The access token issued by the Authorization Server
token_type | Always Bearer
expires_in | The lifetime of the access token, in seconds
Example - HTTP access token response:
```http
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 572

{
"access_token":"eyJraWQiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJSaWVsbGUgQXBwIiwic2NvcGUiOiJzY29wZTEgc2NvcGUzIiwiaXNzIjoiZGlnaXRhbHJvdXRlIiwiZXhwIjoxNTIwMjY4MTk2LCJpYXQiOjE1MjAyNjYzOTZ9.fInkdt_Fe4QQ-gAgI7CszIMkru61aec6OYxQsotkydh5xVczJsaJ-QkAfPtJ0tTVkAYeJZYmVEi_aApY8HNJMrZgvS07S8PnBOwsPUAPAHTDVU3u3c9zqhVzV5233rcoMdiUK61Qa7MoreE_4BwxjYMbek08DscwPWRZ-3V1r49PZ5i2MI5kfj4LdNTcuJZZ62-oILupdvVCiGTt9poGZqZdktEkgKANXPhxp1oQ-w1LD9uhmsRWP_6Cd4R1ky1HJxEocbDtx0uf068De4v1rxH2myaz7faZBexeQEUHjiDLxomnBnQENTfxTEVIj7WLqenAzPIkAOC_KvVv5EaJJg",
"token_type":"Bearer",
"expires_in":1800
}
```
If an error occurs when requesting an access token, the Authorization Server responds with an HTTP 400 (Bad Request) status code unless specified otherwise. The response includes the following parameters:
entity-body parameter | Description
---|---
error | A single ASCII [USASCII] error code, one of: invalid_client, unsupported_grant_type
error_description | Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred.
Example - HTTP access token error response:
```http
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 64

{"error":"invalid_client","error_description":"Unknown client"}
```
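The request, response and error handling described in this section, as an added Python example (not part of the product's own code): it builds the client_credentials request with either client authentication method, reusing the sample client_id and client_secret from the examples above, parses the 200 and 400 replies, and assumes only that the Access Token URI is the one configured with access-token-uri.

```python
import base64
import json
import urllib.error
import urllib.request
from urllib.parse import quote, urlencode

# Sample client credentials taken from the documentation examples above.
CLIENT_ID = "YCuIPYVa0GryebpzniAZU5VGqye_dxBGdcXI"
CLIENT_SECRET = "Ofy1-QfO3yrFYdk3dj1pmM30GKVre9Q6bMk6V7YIRmqGHwaijQ"

class TokenError(Exception):
    """A 400 error response; carries the error code and error_description."""
    def __init__(self, error, error_description):
        super().__init__(f"{error}: {error_description}")
        self.error = error
        self.error_description = error_description

def build_token_request(client_id, client_secret, use_basic_auth=True):
    """Return (headers, body) for a client_credentials grant."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {"grant_type": "client_credentials"}
    if use_basic_auth:
        # RFC 6749 s2.3.1 form-urlencodes each value before joining with ':' and
        # Base64-encoding; for these sample values that leaves them unchanged.
        raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = "Basic " + base64.b64encode(raw.encode()).decode()
    else:
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return headers, urlencode(params)

def parse_token_response(status, body):
    """Return (access_token, expires_in) for a 200 reply; raise TokenError otherwise."""
    data = json.loads(body)
    if status == 200:
        if data.get("token_type") != "Bearer":
            raise ValueError(f"unexpected token_type: {data.get('token_type')!r}")
        return data["access_token"], int(data["expires_in"])
    raise TokenError(data.get("error", "unknown"), data.get("error_description", ""))

def request_token(token_uri, client_id, client_secret, use_basic_auth=True):
    """POST to the Access Token URI (e.g. https://hostname:port/token) and parse the reply."""
    headers, body = build_token_request(client_id, client_secret, use_basic_auth)
    req = urllib.request.Request(token_uri, data=body.encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # a 400 reply still carries the JSON error body
        return parse_token_response(err.code, err.read())
```

Calling request_token("https://oauth2.server.com/token", CLIENT_ID, CLIENT_SECRET) returns the (access_token, expires_in) pair on success and raises TokenError with error "invalid_client" for the error response shown above.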