Generate Access Token and Other OAuth Runtime Tokens to Access the Resource
POST /oauth2/v1/token
Request
Supported Media Types
- application/x-www-form-urlencoded
Header Parameters
- Authorization (optional): string
Basic Authorization. Base64 encoding of client credentials (for client assertions, the Authorization header is optional). Signature-based Authorization. For example, Authorization: Signature version="1",keyId="[tenancyOcid]/[userOcid]/[keyFingerprint]",algorithm="rsa-sha256",headers="(request-target) date x-content-sha256 content-type content-length",signature="Base64(RSA-SHA256(
))"
Root Schema : schema
Type: object
- assertion (optional): string
Assertion of user (only in the assertion grant flow). Example:
eyJraWQiOiJUcnVzdGVkUGFydHlfMSIsInR5cCI6IkpXVCIsImFsZyI6IlJTNTEyIn0.eyJzdWIiOiJ0ZXN0QG9yYWNsZS5jb20iLCJhdWQiOiJodHRwczpcL1wvd3d3LmlkZW50aXR5Lm9yYWNsZWNsb3VkLmNvbVwvIiwibmJmIjoxNDQwNzU5NDQ0LCJpc3MiOiJUcnVzdGVkUGFydHlfMSIsImV4cCI6MTQ0MDc2MDA0NCwiaWF0IjoxNDQwNzU5NDQ0LCJqdGkiOiIyYmViNmQ1ZS1lN2JmLTQ1NTgtOTc1Yy1iNjNhZWJlMzEwOTMifQ.pWDTO81e31h8waDz_eCI3IJuxNBRh4k2hDVhmsQSH8DgztzgL10dVKZnRTBo-Tfj3-NBa9GihzZw1QsLBnd8oeG0ZD-EKz0ZiL6sT13QeYLV7G3gIDLrTO2FbVNd615Dg1wcVPz5f631NQBW5TRl4mcQUGNHEfRrE1F5NrC_Ok
- client_assertion (optional): string
Assertion of the client (only in client assertion cases). Example:
eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTNTEyIn0.eyJzdWIiOiI1YzA4NDcyMi03Njk3LTQ2NzgtOWVmNC01ZDMxYjg5MjgzYTMiLCJhdWQiOiJodHRwczpcL1wvd3d3LmlkZW50aXR5Lm9yYWNsZWNsb3VkLmNvbVwvIiwibmJmIjoxNDQwNzU5NDA4LCJpc3MiOiJTSUdOSU5HX0tFWSIsImV4cCI6MTQ0MDc2MDAwOCwiaWF0IjoxNDQwNzU5NDA4LCJqdGkiOiJhMmIwYmQzMS1mODFkLTRmNmMtODY1Ni1lOWRjYTczNTU4OTIifQ.jefxnKDUedfJgp40nUbLJrPdoTPGrkWHrp_uiuqJzD_7Pp9N2GkrAN-Nfri26ryGF0aMxjUs_My8qyfyzuDSK9iPHVLMDulbrdnShEAi-rYS8MMs4Uj6KYYhg_S8nquN5SAk00ZjKCjAImAbAghGXjJ51ZfPsBLMTP0fa7zAr9g
- client_assertion_type (optional): string
Client assertion type (only in client assertion cases). Example:
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
- client_id (optional): string
Unique identifier for the client (only in client assertion cases). Example:
a5bf5db7f6c43b47b1eae399c68319c4
- code (optional): string
Authorization Code that is generated during the call to the Authorize endpoint (only in the Authorization (3-legged) grant flow). Example:
AQIDBAXxVUQH5kHqoD1vmxmo-Yh1SCrbeyQQoJv4qaPWk0iu8aXwMvVREFk4YcPNNJ6oxpIanTS253PPqsvyp2KJ8QJfMTEgRU5DUllQVElPTl9LRVkxNCB7djF9NCA%3D
- grant_type: string
Grant type by which a client requests an Access Token. Example:
client_credentials
- password (optional): string
Password of the user (only when using the Password grant flow). Example:
Test123456
- redirect_uri (optional): string
Redirect URI where the response is sent (used in the Authorization or Implicit (3-legged) grant flow). Example:
http://abccorp.com/quote
- refresh_token (optional): string
Refresh Token that is generated using the offline_access scope (only in the Refresh Token grant flow). Example:
eyJ4NXQiOiI4Wk5NMEFfNWFuSTc0dGp3Y3FWcWtMN3Z0Q2ciLCJraWQiOiJwcml2YWVrZXkxIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJ0ZXN0QG9yYWNsZS5jb20iLCJhdWQiOiI1YzA4NDcyMi03Njk3LTQ2NzgtOWVmNC01ZDMxYjg5MjgzYTMiLCJuYmYiOjE0NDA3NTk0NDYsInNjb3BlIjoiQUNNRUNhbmRpZGF0ZVByb2ZpbGVTZXJ2aWNlLnJlc3VtZXNfbW9udGhzIG9mZmxpbmVfYWNjZXNzIiwiaXNzIjoiaWRjcy5vcmFjbGUuY29tIiwiZXhwIjoxNDQwOTc1NDQ2LCJpYXQiOjE0NDA3NTk0NDYsInRlbmFudCI6IlRFTkFOVDEiLCJqdGkiOiJhZWZhYTUwOC0zZGNlLTQ5OWMtYmExNC04ZDNhYTQ1NzEyMjEifQ.aLfyVU7OZgvJKLG5nkj-2P515QZ1KTcjsPot9r6HGNs7cARCE_OIR4x7bK8CfPU6oY3vs1HC6m9HPg-ieE3ckA
- requested_token_type (optional): string
Requested token type (only in token exchange cases). Example:
urn:ietf:params:oauth:token-type:access_token
- scope: string
Scope for which the Access Token is requested. For the refresh_token grant type, scope is optional. Example:
http://abccorp.com/quote
- subject_token (optional): string
Subject token representing the subject (only in token exchange cases). Example:
AQIDBAXxVUQH5kHqoD1vmxmo-Yh1SCrbeyQQoJv4qaPWk0iu8aXwMvVREFk4YcPNNJ6oxpIanTS253PPqsvyp2KJ8QJfMTEgRU5DUllQVElPTl9LRVkxNCB7djF9NCA%3D
- username (optional): string
Name of the user who wants to access the scope (only when using the Password grant flow). Example:
test@example.com
Response
Supported Media Types
- application/json
200 Response
Access Token generated
Root Schema : token
Type: object
Generate the Access Token in JSON Web Token format (JWT).
- access_token: string
Access Token used to access the scopes
- expires_in: number
Expiry time of the Access Token in seconds
- id_token (optional): string
Identity Token generated for the associated client and user (only in 3-legged flows)
- refresh_token (optional): string
Refresh Token used to regenerate the Access Token (only when the offline_access scope is used)
- token_type: string
Type of Access Token (Bearer)
400 Response
Invalid request
Root Schema : error
Type: object
Error message that appears during Access Token generation
- error: string
Error values that are based on the OAuth specification
- error_description: string
Detailed error messages
401 Response
Unauthorized client
Root Schema : error
Type: object
Error message that appears during Access Token generation
- error: string
Error values that are based on the OAuth specification
- error_description: string
Detailed error messages
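The following is an added example, not code from this reference or its vendor: it builds a client_credentials request for the endpoint above using Basic Authorization, and checks a response body against the 200 and 400/401 schemas listed here. The function names, the `TokenError` class and the refusal of non-https base URLs are assumptions of the example; the request is built but never sent.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"  # endpoint path from this page


def build_token_request(base_url, client_id, client_secret, scope):
    """Build (but do not send) a client_credentials token request."""
    if not base_url.lower().startswith("https://"):
        # Client credentials travel in the header; refuse clear-text transport.
        raise ValueError("token endpoint must be reached over https")
    # Basic Authorization: Base64 of the colon-joined client credentials.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}
    ).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


class TokenError(Exception):
    """Raised for the 400/401 error schema or a malformed 200 body."""


def parse_token_response(status, raw_body):
    """Validate a response body against the schemas documented above."""
    doc = json.loads(raw_body)
    if status != 200:
        # Error schema: error (OAuth error value) and error_description.
        raise TokenError(f"{status} {doc.get('error')}: {doc.get('error_description')}")
    for field in ("access_token", "expires_in", "token_type"):
        if field not in doc:
            raise TokenError(f"missing required field {field!r}")
    if str(doc["token_type"]).lower() != "bearer":
        raise TokenError(f"unexpected token_type {doc['token_type']!r}")
    return doc
```

Logging should record only the `error` value and status from `TokenError`, never the Authorization header or the returned tokens.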