Use this endpoint to obtain an access token

post https://{pointofcontact}/oauth2/token

The token endpoint is used by the client to obtain an access token by
presenting its authorization grant or refresh token. The token
endpoint is used with every authorization grant except for the
implicit grant type (since an access token is issued directly).

time	status	user agent
Retrieving recent requests…

Loading…

Form Data

grant_type

string

required

Grant type string that the client can use at the token endpoint

code

string

The authorization code received from OIDC Provider.
Required when doing authorization_code flow.

code_verifier

string

Code verifier used as proof for code exchange.
It is used in authorization_code flow when code_challenge and code_challenge_method
are included in the authorization request.

redirect_uri

string

Redirection URI having the same value as it was included in the authorization request.
It is only used in authorization_code flow.

username

string

The resource owner username. Required for resource owner password credentials (ROPC) flow.

password

string

The resource owner password. Required for resource owner password credentials (ROPC) flow.

refresh_token

string

The refresh token issued to the client. Required for refresh token flow.

auth_req_id

string

A unique identifier to identify the authentication request made by the backchannel Client.
This is required for client initiated backchannel authentication (CIBA) flow.

scope

string

Space-delimited string indicating the scope associated with access request.

client_id

string

OAuth2.0 client identifier. Required when the client authentication method is using
"client_secret_post" or "tls_client_auth". It is optional when using "private_key_jwt"
client authentication; when specified it MUST match the "client_assertion" subject.

client_secret

string

OAuth2.0 client secret. May be specified when using "client_secret_post" client
authentication method.

client_assertion

string

The "private_key_jwt" assertion being used to authenticate the client.

client_assertion_type

string

Type of the client assertion.

Headers

x-client-certificate

string

MTLS Client Certificate

Responses

Language

Credentials

Basic

base64

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://pointofcontact/oauth2/token \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/x-www-form-urlencoded' \
5
     --data grant_type=authorization_code

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Token response

400OAuth JSON error response