- 08 Jul 2024
OAuth 2.0 Access Token Response
- Updated on 08 Jul 2024
Assuming the token request is valid, the RapidIdentity server will return a response like this:
Note
Displayed values have been truncated here for formatting purposes, but the strings listed here should represent actual, usable values when generated in a production environment.
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc [...]"
}
The ID Token is a JWT, which can be plain, signed, encrypted or signed+encrypted. The claims in the ID Token are based on the claims which have been configured for the client.
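The four ID Token forms named above can be told apart from the compact serialization alone. The following is an added example, not RapidIdentity code: it classifies the `id_token` in a token response and refuses forms the client does not expect. The function names, the `allowed` policy default and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json
import time


def _seg(obj):
    """Encode a dict as one unpadded base64url segment (used for sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def classify_id_token(token):
    """Return 'plain', 'signed', 'encrypted' or 'signed+encrypted' (structure only)."""
    parts = token.split(".")
    head = parts[0] + "=" * (-len(parts[0]) % 4)  # restore stripped padding
    header = json.loads(base64.urlsafe_b64decode(head))
    if len(parts) == 3:  # JWS compact form: header.payload.signature
        if str(header.get("alg", "")).lower() == "none":
            if parts[2]:
                raise ValueError("alg=none but a signature segment is present")
            return "plain"
        if not parts[2]:
            raise ValueError("signed token has an empty signature")
        return "signed"
    if len(parts) == 5:  # JWE compact form: header.key.iv.ciphertext.tag
        # RFC 7519 section 5.2: cty "JWT" marks a nested (signed, then encrypted) JWT
        nested = str(header.get("cty", "")).upper() == "JWT"
        return "signed+encrypted" if nested else "encrypted"
    raise ValueError("not a compact JWS or JWE (%d segments)" % len(parts))


def handle_token_response(body, allowed=("signed", "signed+encrypted"), now=None):
    """Parse the JSON body; refuse a non-Bearer type or an unexpected ID token form."""
    resp = json.loads(body)
    if str(resp.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    form = classify_id_token(resp["id_token"])
    if form not in allowed:  # 'allowed' is local client policy (an assumption)
        raise ValueError("ID token form %r not accepted by this client" % form)
    now = time.time() if now is None else now
    return {"id_token_form": form, "expires_at": now + int(resp["expires_in"])}


# Constructed sample tokens: placeholder signature/ciphertext, no real key material.
SIGNED = ".".join([_seg({"alg": "RS256", "kid": "k1"}), _seg({"sub": "u1"}), "c2ln"])
PLAIN = ".".join([_seg({"alg": "none"}), _seg({"sub": "u1"}), ""])
ENCRYPTED = ".".join([_seg({"alg": "dir", "enc": "A256GCM"}), "", "aXY", "Y3Q", "dGFn"])
NESTED = ".".join(
    [_seg({"alg": "dir", "enc": "A256GCM", "cty": "JWT"}), "", "aXY", "Y3Q", "dGFn"])
```

The classification is structural only; the signature still has to be verified (and any encrypted token decrypted) with a JOSE library before the claims are trusted.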
Once an Authorization Code has been exchanged for an Access/ID Token, that Authorization Code may not be used again in the future.
If an attempt is made to use it again, all Access Tokens which have been issued from that Authorization Code will be invalidated.