Token Endpoint


Parameters #

client_id #

client identifier (required – Either in the body or as part of the authorization header.)

client_secret #

client secret either in the post body, or as a basic authentication header. Optional.

grant_type #

authorization_code, client_credentials, password, refresh_token, urn:ietf:params:oauth:grant-type:device_code or custom

scope #

one or more registered scopes, delimited with space. If not specified, a token for all explicitly allowed scopes will be issued.

redirect_url #

required for the authorization_code grant type

code #

the authorization code (required for authorization_code grant type)

code_verifier #

PKCE proof key

username #

resource owner username (required for password grant type)

password #

resource owner password (required for password grant type)

refresh_token #

the refresh token (required for refresh_token grant type)

device_code #

the device code (required for urn:ietf:params:oauth:grant-type:device_code grant type)

Powered by BetterDocs