    Token endpoint

    To obtain an Access Token, an ID Token, and optionally a Refresh Token, the RP (Client) sends a Token Request to the Token Endpoint and receives a Token Response.

    Request URL:

    https://identify.safewhere.com/runtime/oauth2/token.idp
    

    URI parameters:

    Parameter Description
    client_id The client identifier (required)
    client_secret The client secret (optional)
    grant_type The grant type of the flow (required). Supported values: authorization_code / client_credentials / password / refresh_token / urn:ietf:params:oauth:grant-type:device_code
    scope One or more registered scopes (optional)
    redirect_uri The redirect_uri to the client (optional). It's required when the grant_type is authorization_code
    code The authorization code received from the authorization server. It's required when the grant_type is authorization_code
    code_verifier PKCE proof key
    username The Identify username. It's required when the grant_type is password
    password The Identify password. It's required when the grant_type is password
    refresh_token The refresh_token. It's required when the grant_type is refresh_token
    device_code The device code. It's required when the grant_type is urn:ietf:params:oauth:grant-type:device_code
    client_assertion The client assertion. It's required when the client uses private_key_jwt as its client authentication method
    client_assertion_type The client assertion type. It's required when the client uses private_key_jwt as its client authentication method
    resource Indicates the target service or resource to which access is being requested (optional). Multiple resource parameters MAY be used to indicate that the requested token is intended for multiple resources.
    - Its value MUST be an absolute URI.
    - The URI MUST NOT include a fragment component.
    - It SHOULD NOT include a query component.
    - Its value must be one of the configured Security token audiences.

    If the request includes a resource parameter, the resulting JWT access token's aud claim SHOULD have the same value as the resource parameter in the request.
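
A client-side pre-flight check for the rules in the parameter table, covering the per-grant required parameters and the resource constraints. This is an added example, not Safewhere's code: the function names and sample values are assumptions, and it assumes the parameters are sent form-encoded in a POST body as in RFC 6749.

```python
from urllib.parse import urlencode, urlsplit

# Parameters the page's table marks as required for each grant_type.
REQUIRED_BY_GRANT = {
    "authorization_code": ("code", "redirect_uri"),
    "client_credentials": (),
    "password": ("username", "password"),
    "refresh_token": ("refresh_token",),
    "urn:ietf:params:oauth:grant-type:device_code": ("device_code",),
}

def check_resource(uri, audiences):
    """Return the rules from the page that one resource value breaks."""
    parts, problems = urlsplit(uri), []
    if not parts.scheme:
        problems.append(f"resource {uri!r} is not an absolute URI")
    if "#" in uri:
        problems.append(f"resource {uri!r} includes a fragment")
    if parts.query:
        problems.append(f"resource {uri!r} includes a query (SHOULD NOT)")
    if uri not in audiences:
        problems.append(f"resource {uri!r} is not a configured audience")
    return problems

def validate(params, resources=(), audiences=()):
    """List every parameter rule the request breaks; empty list means OK."""
    problems = []
    grant = params.get("grant_type")
    if not params.get("client_id"):
        problems.append("client_id is required")
    if grant not in REQUIRED_BY_GRANT:
        problems.append(f"unsupported grant_type {grant!r}")
    for name in REQUIRED_BY_GRANT.get(grant, ()):
        if not params.get(name):
            problems.append(f"{name} is required for grant_type {grant}")
    for uri in resources:
        problems.extend(check_resource(uri, audiences))
    return problems

def encode(params, resources=()):
    """Form-encode the request (assumed POST body); one resource per pair."""
    return urlencode(list(params.items()) + [("resource", r) for r in resources])

# Constructed sample: client id, code and example.test hosts are not from the page.
AUDIENCES = {"https://api.example.test/orders"}
SAMPLE = {"client_id": "demo-client", "grant_type": "authorization_code",
          "code": "constructed-code"}

if __name__ == "__main__":
    for problem in validate(SAMPLE, ["https://api.example.test/orders#v1"], AUDIENCES):
        print(problem)
```

The query check is reported separately from the hard failures because the page states it as SHOULD NOT rather than MUST NOT; the caller decides whether to block on it.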