Request an access token
post
https://iam.sbc.com/console/auth/realms/sbc/protocol/openid-connect/token
This operation authenticates the supplied credentials and returns the access and refresh tokens. The access token can be used as authorization bearer token to make REST API calls. The refresh token can be used to obtain a new access token if the old access token expires.
Request
There are no request parameters for this operation.
Supported Media Types
- application/x-www-form-urlencoded
Root Schema : schema
Match One Schema
Show Source
-
object
AccessTokenRequest
Credentials for the token request
-
object
RefreshTokenRequest
Credentials for the refresh token request
Nested Schema : AccessTokenRequest
Type:
objectCredentials for the token request
Show Source
-
client_id(required): string
An Identifier of the client which interacts with the IAM to authenticate users and obtain tokens
-
grant_type(required): string
Allowed Values:
[ "password" ] -
password(required): string
-
username(required): string
Example:
{
"client_id":"cnsbc-api-access",
"username":"foo",
"password":"bar",
"grant_type":"password"
}Nested Schema : RefreshTokenRequest
Type:
objectCredentials for the refresh token request
Show Source
-
client_id(required): string
An Identifier of the client which interacts with the IAM to authenticate users and obtain tokens
-
grant_type(required): string
Allowed Values:
[ "refresh_token" ] -
refresh_token(required): string
(base64)
Example:
{
"client_id":"cnsbc-api-access",
"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lk",
"grant_type":"refresh_token"
}Response
Supported Media Types
- application/json
200 Response
Successful Access Token Request
Root Schema : TokenResponse
Type:
objectContains information related to the access token response
Show Source
-
access_token(required): string
(base64)
-
expires_in(required): integer
Time when the access token expires
-
not-before-policy: integer
This ensures that any tokens issued before that time become invalid
-
refresh_expires_in(required): integer
Time when the refresh token expires
-
refresh_token(required): string
(base64)
-
scope: string
This lists down the resources the client is authorized to access. Specify scopes as space-separated list. For example - scope: profile email, where profile and email are separate resources that can accessed by the client.
-
session_state: string
(uuid)
This represents an end-user login state
-
token_type(required): string
Allowed Values:
[ "Bearer" ]
Example:
{
"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia",
"expires_in":900,
"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lk",
"refresh_expires_in":3600,
"token_type":"Bearer",
"not-before-policy":0,
"session_state":"3d5ee6c7-d2e1-48f6-8fff-9164a179175a",
"scope":"email profile"
}400 Response
Error in the Access Token Request
Root Schema : AccessTokenErr
Type:
objectError returned in the access token response message
Show Source
401 Response
Error in the Access Token Request
Root Schema : AccessTokenErr
Type:
objectError returned in the access token response message
Show Source
405 Response
Method Not Allowed
Root Schema : AccessTokenErr
Type:
objectError returned in the access token response message
Show Source
500 Response
Internal Server Error
Root Schema : AccessTokenErr
Type:
objectError returned in the access token response message
Show Source
503 Response
Service unavailable
Root Schema : AccessTokenErr
Type:
objectError returned in the access token response message
Show Source
Default Response
Generic Error