Paths
/oauth2/authorize
endpoint for Authorization Code and Implicit grants
description
application's client_id
request an authorization code or or access token (implicit)
{
"enum": [
"code",
"token"
]
}
Scope being requested
URI where user is redirected to after authorization
This string will be echoed back to application when user is redirected
consentId
An HTML form for authentication or authorization of this request.
Redirect to the clients redirect_uri containing one of the following
- authorization code for Authorization code grant
- access token for Implicity grant
- error in case of errors, such as the user has denied the request
submit approval to authorization code or access token
Submit resource owners approval (or rejection) for the OAuth2 Server to issue an authorization code or access token to the application.
application requesting the access code or token
requested scope of this authorization
resource owners user name
URI the application is requesting this code or token to be redirected to
URL of the original authorization request
state information provided in the authorization form
state information provided in the authorization form
A consent form for oauth processing.
/oauth2/token
Request Access Tokens
This endpoint allows requesting an access token following one of the flows below:
- Authorization Code (exchange code for access token)
- Client Credentials (2-legged, there isnt resource owner information)
- Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
- Refresh Token (exchange refresh token for a new access code)
The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type.
Client authentication:
- Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter.
- Public clients should send their client_id as formData parameter.
grant_type | code | client_credentials | password | refresh_token |
---|---|---|---|---|
client_id | required | required | required | required | ||
client_secret | required | required | required | required | ||
code | required | |||
redirect_uri | required | |||
username | required | |||
password | required | |||
scope | optional | optional | ||
refresh_token | required |
The implicit grant requests, see /oauth2/authorize.
Type of grant
{
"enum": [
"authorization_code",
"password",
"client_credentials",
"refresh_token"
]
}
Application client ID, can be provided in formData or using HTTP Basic Authentication
Application secret, must be provided in formData or using HTTP Basic Authentication
Authorization code provided by the /oauth2/authorize endpoint
required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical.
Resource owner username
Resource owner password
Scope being requested
The refresh token that the client wants to exchange for a new access token (refresh_token grant_type)
ID consent
code verifier for pkce
json document containing token, etc.
json document that may contain additional details about the failure
Definitions
{
"type": "object",
"additionalProperties": false,
"required": [
"token_type",
"access_token",
"expires_in"
],
"properties": {
"token_type": {
"enum": [
"bearer"
]
},
"access_token": {
"type": "string"
},
"expires_in": {
"type": "integer"
},
"scope": {
"type": "string"
},
"refresh_token": {
"type": "string"
}
}
}
{
"type": "object",
"additionalProperties": true,
"required": [
"active",
"client_id",
"client_name",
"username",
"sub",
"exp",
"expstr",
"iat",
"nbf",
"nbfstr",
"scope",
"consentId"
],
"properties": {
"active": {
"type": "boolean"
},
"client_id": {
"type": "string"
},
"client_name": {
"type": "string"
},
"username": {
"type": "string"
},
"sub": {
"type": "string"
},
"exp": {
"type": "string"
},
"expstr": {
"type": "string"
},
"iat": {
"type": "string"
},
"nbf": {
"type": "string"
},
"nbfstr": {
"type": "string"
},
"scope": {
"type": "string"
},
"miscinfo": {
"type": "string"
},
"consented_on": {
"type": "string"
},
"consented_on_str": {
"type": "string"
},
"grant_type": {
"type": "string"
},
"consentId": {
"type": "string"
}
}
}