URL #
Parameters #
client_id #
client identifier (required – Either in the body or as part of the authorization header.)
client_secret #
client secret either in the post body, or as a basic authentication header. Optional.
grant_type #
authorization_code, client_credentials, password, refresh_token, urn:ietf:params:oauth:grant-type:device_code or custom
scope #
one or more registered scopes, delimited with space. If not specified, a token for all explicitly allowed scopes will be issued.
redirect_url #
required for the authorization_code grant type
code #
the authorization code (required for authorization_code grant type)
code_verifier #
PKCE proof key
username #
resource owner username (required for password grant type)
password #
resource owner password (required for password grant type)
refresh_token #
the refresh token (required for refresh_token grant type)
device_code #
the device code (required for urn:ietf:params:oauth:grant-type:device_code grant type)