OAuth 2.0 Access Token Request
- 08 Jul 2024
- 1 Minute to read
- Print
- DarkLight
OAuth 2.0 Access Token Request
- Updated on 08 Jul 2024
- 1 Minute to read
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Issue a POST to /idp/profile/oauth2/token using the application/x-www-form-urlencoded format with a character encoding of UTF-8 and the following parameters in the request body:
Parameter | Type | Description |
|---|---|---|
grant_type | String required | "authorization_code" |
code | String required | The value of the "code" parameter from the previous response. |
redirect_uri | String required | The registered callback URL Must match exactly the value used in the previous request. |
client_id | String optional | Your Client ID. This is required if HTTP Basic Authentication is not used. |
client_secret | String optional | Your Client Secret. This is required if HTTP Basic Authentication is not used. |
As shown in the above table, HTTP Basic Authentication may be used instead of providing client_id and client_secret as request parameters. In that case the Client ID should be used as the username and the Client Secret should be used as the password.
Was this article helpful?