Token endpoint

Token endpoint

To obtain an Access Token, an ID Token, and optionally a Refresh Token, the RP (Client) sends a Token Request to the Token Endpoint to obtain a Token Responses.

Request URL:

URI parameters:

Parameter Description
client_id The client identifier (required)
client_secrect The client secret (optional)
grant_type The grant type of the flow (required). We support one of the values: authorization_code / client_credentials / password /refresh_token / urn:ietf:params:oauth:grant-type:device_code
scope one or more registered scopes (optional)
redirect_uri The redirect_uri to the client (optional). It's required when the grant_type is authorization_code
code The authorization code received from the authorization server. It's required when the grant_type is authorization_code
code_verifier PKCE proof key
username The Identify username. It's required the when grant_type is password
password The Identify password. It's required when the grant_type is password
refresh_token The refresh_token. It's required when the grant_type is refresh_token
device_code The device code. It's required when the grant_type is urn:ietf:params:oauth:grant-type:device_code
client_assertion The client assertion. It's required when you use private_key_jwt as its client authentication method
client_assertion_type The client assertion type. It's required when you use private_key_jwt as its client authentication method