Request a Token with Multi-Factor Authentication
Use the following procedure if you have enabled multi-factor authentication (MFA) on your account.
The MFA feature in Oracle Identity Cloud Service enables customers to add an extra security step to the authentication process. The following second factors are supported:
- Security Questions: Users are prompted during the sign-in process to correctly answer a defined number of security questions to verify their identity.
- Mobile Authenticator Application:
  - Mobile app passcode: Users generate an OTP in the Oracle Mobile Authenticator (OMA) app on their device that must be used during login.
  - Mobile app notification: Users receive a push notification in the OMA app on their mobile device and can choose to either "Allow" or "Deny" the login.
- Text Message: Users receive a temporary passcode as a text message (SMS) on their device that must be used during login.
- Email: Users receive an email message that contains a temporary passcode that must be used during login.
Generate a Token for Users with Oracle Mobile Authenticator (OMA) as the Second Factor
In the following example, the configured second factor is the Oracle Mobile Authenticator app passcode (TOTP).

- Send a POST request to the /oauth2/v1/token API.

  curl -L -X POST "https://${IDCS_FQDN}/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=urn:opc:idm:__myscopes__'

- The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token to a variable for convenient use in subsequent requests.

  export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'

- Initiate the authentication flow.

  curl -L -X GET \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    "https://$IDCS_FQDN/sso/v1/sdk/authenticate"

- Extract the first factor from the response. Here the first factor is a username and password.

  {
    "status": "success",
    "ecId": "<ecId>",
    "nextOp": [ "credSubmit" ],
    "nextAuthFactors": [ "USERNAME_PASSWORD" ],
    "keepMeSignedInEnabled": false,
    "requestState": "<request_state>",
    "applicationName": "OSDMCRESTApp",
    "showMessageForReAuth": false,
    "USERNAME_PASSWORD": { "credentials": [ "username", "password" ] }
  }

- Send the first factor along with the requestState parameter from the previous response.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "username": "<username>", "password": "<password>" },
      "requestState": "<Use previously generated requestState>"
    }'

  The response:

  {
    "otpLength": 6,
    "status": "success",
    "ecId": "<ecId>",
    "displayName": "Bob's Phone-1",
    "nextAuthFactors": [ "TOTP" ],
    "TOTP": { "credentials": [ "otpCode" ] },
    "nextOp": [ "credSubmit", "getBackupFactors" ],
    "scenario": "AUTHENTICATION",
    "requestState": "<request_state>",
    "trustedDeviceSettings": { "trustDurationInDays": 15 }
  }

- Send the second factor: the OTP code shown in the authenticator app on your phone.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "otpCode": "151309" },
      "requestState": "<request state from previous step>"
    }'

- The response contains the authnToken.

  {
    "authnToken": "<authToken>",
    "status": "success",
    "ecId": "<ecId>"
  }

- Extract the authnToken.

  export AUTHNTOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

- Generate an access token using the authnToken.

  curl -L -X POST "https://$IDCS_FQDN/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
    --data-urlencode "scope=osdmc:rest offline_access" \
    --data-urlencode "assertion=$AUTHNTOKEN"

  The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "<refresh_token>"
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token for convenient use in subsequent requests. There are two ways to do this.

  - Export the token to a variable and use it in subsequent requests.

    export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'
    curl -L -X GET \
      --header "Authorization: Bearer ${ACCESS_TOKEN}" \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"

  - Save the token to a file and reference that file in subsequent requests. The file holds a bearer credential, so keep it readable only by you.

    echo "Authorization: Bearer <access token>" > auth_header.txt
    curl -L -X GET \
      --header @auth_header.txt \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"
Generate a Token for Users with Oracle Mobile Authenticator (OMA) Push Notification as the Second Factor
In the following example, the configured second factor is the Oracle Mobile Authenticator app push notification.

- Send a POST request to the /oauth2/v1/token API.

  curl -L -X POST "https://${IDCS_FQDN}/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=urn:opc:idm:__myscopes__'

- The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token to a variable for convenient use in subsequent requests.

  export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'

- Initiate the authentication flow.

  curl -L -X GET \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    "https://$IDCS_FQDN/sso/v1/sdk/authenticate"

- Extract the first factor from the response. Here the first factor is a username and password.

  {
    "status": "success",
    "ecId": "<ecId>",
    "nextOp": [ "credSubmit" ],
    "nextAuthFactors": [ "USERNAME_PASSWORD" ],
    "keepMeSignedInEnabled": false,
    "requestState": "<request_state>",
    "applicationName": "OSDMCRESTApp",
    "showMessageForReAuth": false,
    "USERNAME_PASSWORD": { "credentials": [ "username", "password" ] }
  }

- Send the first factor along with the requestState parameter from the previous response.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "username": "<username>", "password": "<password>" },
      "requestState": "<Use previously generated requestState>"
    }'

  The response:

  {
    "status": "pending",
    "ecId": "<ecid>",
    "displayName": "Display name",
    "nextAuthFactors": [ "PUSH" ],
    "cause": [
      { "code": "AUTH-1108", "message": "Push Notification approval is pending." }
    ],
    "nextOp": [ "credSubmit", "getBackupFactors" ],
    "scenario": "AUTHENTICATION",
    "requestState": "<request state>",
    "trustedDeviceSettings": { "trustDurationInDays": 15 }
  }

  After this request, a push notification is sent to the user's configured second-factor authenticator application. The "pending" status indicates that authentication is in progress and is waiting on the user's action on the push notification.

- Once the user has approved the push notification, submit the second factor. No credential is sent in this request; the requestState from the previous response is resubmitted on its own.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "requestState": "<request state from previous step>"
    }'

- The response contains the authnToken.

  {
    "authnToken": "<authToken>",
    "status": "success",
    "ecId": "<ecId>"
  }

- Extract the authnToken.

  export AUTHNTOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

- Generate an access token using the authnToken.

  curl -L -X POST "https://$IDCS_FQDN/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
    --data-urlencode "scope=osdmc:rest offline_access" \
    --data-urlencode "assertion=$AUTHNTOKEN"

  The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "<refresh_token>"
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token for convenient use in subsequent requests. There are two ways to do this.

  - Export the token to a variable and use it in subsequent requests.

    export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'
    curl -L -X GET \
      --header "Authorization: Bearer ${ACCESS_TOKEN}" \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"

  - Save the token to a file and reference that file in subsequent requests. The file holds a bearer credential, so keep it readable only by you.

    echo "Authorization: Bearer <access token>" > auth_header.txt
    curl -L -X GET \
      --header @auth_header.txt \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"
Generate a Token for Users with Email as the Second Factor
In the following example, the configured second factor is email.

- Send a POST request to the /oauth2/v1/token API.

  curl -L -X POST "https://${IDCS_FQDN}/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=urn:opc:idm:__myscopes__'

- The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token to a variable for convenient use in subsequent requests.

  export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'

- Initiate the authentication flow.

  curl -L -X GET \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    "https://$IDCS_FQDN/sso/v1/sdk/authenticate"

- Extract the first factor from the response. Here the first factor is a username and password.

  {
    "status": "success",
    "ecId": "<ecId>",
    "nextOp": [ "credSubmit" ],
    "nextAuthFactors": [ "USERNAME_PASSWORD" ],
    "keepMeSignedInEnabled": false,
    "requestState": "<request_state>",
    "applicationName": "OSDMCRESTApp",
    "showMessageForReAuth": false,
    "USERNAME_PASSWORD": { "credentials": [ "username", "password" ] }
  }

- Send the first factor along with the requestState parameter from the previous response.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "username": "<username>", "password": "<password>" },
      "requestState": "<Use previously generated requestState>"
    }'

  The response:

  {
    "otpLength": 6,
    "status": "success",
    "ecId": "<ecid>",
    "displayName": "Display Name",
    "nextAuthFactors": [ "EMAIL" ],
    "EMAIL": { "credentials": [ "otpCode" ] },
    "nextOp": [ "credSubmit", "getBackupFactors", "resendCode" ],
    "scenario": "AUTHENTICATION",
    "requestState": "<requestState>",
    "trustedDeviceSettings": { "trustDurationInDays": 15 }
  }

- Send the second factor: the passcode that you received by email. The credential name is otpCode, as listed in the EMAIL.credentials array of the previous response.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "otpCode": "<passcode from email>" },
      "requestState": "<request state from previous step>"
    }'

- The response contains the authnToken.

  {
    "authnToken": "<authToken>",
    "status": "success",
    "ecId": "<ecId>"
  }

- Extract the authnToken.

  export AUTHNTOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

- Generate an access token using the authnToken.

  curl -L -X POST "https://$IDCS_FQDN/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
    --data-urlencode "scope=osdmc:rest offline_access" \
    --data-urlencode "assertion=$AUTHNTOKEN"

  The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "<refresh_token>"
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token for convenient use in subsequent requests. There are two ways to do this.

  - Export the token to a variable and use it in subsequent requests.

    export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'
    curl -L -X GET \
      --header "Authorization: Bearer ${ACCESS_TOKEN}" \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"

  - Save the token to a file and reference that file in subsequent requests. The file holds a bearer credential, so keep it readable only by you.

    echo "Authorization: Bearer <access token>" > auth_header.txt
    curl -L -X GET \
      --header @auth_header.txt \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"
Generate a Token for Users with Text Message (SMS) as the Second Factor
In the following example, the configured second factor is SMS.

- Send a POST request to the /oauth2/v1/token API.

  curl -L -X POST "https://${IDCS_FQDN}/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=urn:opc:idm:__myscopes__'

- The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token to a variable for convenient use in subsequent requests.

  export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'

- Initiate the authentication flow.

  curl -L -X GET \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    "https://$IDCS_FQDN/sso/v1/sdk/authenticate"

- Extract the first factor from the response. Here the first factor is a username and password.

  {
    "status": "success",
    "ecId": "<ecId>",
    "nextOp": [ "credSubmit" ],
    "nextAuthFactors": [ "USERNAME_PASSWORD" ],
    "keepMeSignedInEnabled": false,
    "requestState": "<request_state>",
    "applicationName": "OSDMCRESTApp",
    "showMessageForReAuth": false,
    "USERNAME_PASSWORD": { "credentials": [ "username", "password" ] }
  }

- Send the first factor along with the requestState parameter from the previous response.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "username": "<username>", "password": "<password>" },
      "requestState": "<Use previously generated requestState>"
    }'

  The response:

  {
    "otpLength": 6,
    "status": "success",
    "ecId": "<ecid>",
    "displayName": "<phone number>",
    "nextAuthFactors": [ "SMS" ],
    "SMS": { "credentials": [ "otpCode" ] },
    "nextOp": [ "credSubmit", "getBackupFactors", "resendCode" ],
    "scenario": "AUTHENTICATION",
    "requestState": "<requestState>",
    "trustedDeviceSettings": { "trustDurationInDays": 15 }
  }

- Send the second factor: the passcode that you received by SMS. The credential name is otpCode, as listed in the SMS.credentials array of the previous response.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "otpCode": "<passcode from SMS>" },
      "requestState": "<request state from previous step>"
    }'

- The response contains the authnToken.

  {
    "authnToken": "<authToken>",
    "status": "success",
    "ecId": "<ecId>"
  }

- Extract the authnToken.

  export AUTHNTOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

- Generate an access token using the authnToken.

  curl -L -X POST "https://$IDCS_FQDN/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
    --data-urlencode "scope=osdmc:rest offline_access" \
    --data-urlencode "assertion=$AUTHNTOKEN"

  The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "<refresh_token>"
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token for convenient use in subsequent requests. There are two ways to do this.

  - Export the token to a variable and use it in subsequent requests.

    export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'
    curl -L -X GET \
      --header "Authorization: Bearer ${ACCESS_TOKEN}" \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"

  - Save the token to a file and reference that file in subsequent requests. The file holds a bearer credential, so keep it readable only by you.

    echo "Authorization: Bearer <access token>" > auth_header.txt
    curl -L -X GET \
      --header @auth_header.txt \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"
Generate a Token for Users with Security Question as the Second Factor
In the following example, the configured second factor is a security question. During enrollment, three security questions are configured as the second authentication factor.

- Send a POST request to the /oauth2/v1/token API.

  curl -L -X POST "https://${IDCS_FQDN}/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=urn:opc:idm:__myscopes__'

- The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token to a variable for convenient use in subsequent requests.

  export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'

- Initiate the authentication flow.

  curl -L -X GET \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    "https://$IDCS_FQDN/sso/v1/sdk/authenticate"

- Extract the first factor from the response. Here the first factor is a username and password.

  {
    "status": "success",
    "ecId": "<ecId>",
    "nextOp": [ "credSubmit" ],
    "nextAuthFactors": [ "USERNAME_PASSWORD" ],
    "keepMeSignedInEnabled": false,
    "requestState": "<request_state>",
    "applicationName": "OSDMCRESTApp",
    "showMessageForReAuth": false,
    "USERNAME_PASSWORD": { "credentials": [ "username", "password" ] }
  }

- Send the first factor along with the requestState parameter from the previous response.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": { "username": "<username>", "password": "<password>" },
      "requestState": "<Use previously generated requestState>"
    }'

  The response:

  {
    "status": "success",
    "ecId": "<ecid>",
    "nextAuthFactors": [ "SECURITY_QUESTIONS" ],
    "SECURITY_QUESTIONS": {
      "credentials": [ "questionId", "answer" ],
      "questions": [
        { "questionId": "<questionId>", "text": "<questionText>" }
      ]
    },
    "nextOp": [ "credSubmit", "getBackupFactors" ],
    "scenario": "AUTHENTICATION",
    "requestState": "<requestState>",
    "trustedDeviceSettings": { "trustDurationInDays": 15 }
  }

  The response includes a questionId corresponding to one of the three security questions set up during enrollment.

- Send the second factor by answering the security question.

  curl -L -X POST "https://$IDCS_FQDN/sso/v1/sdk/authenticate" \
    --header "Authorization: Bearer $ACCESS_TOKEN" \
    --header 'Content-Type: application/json' \
    --data '{
      "op": "credSubmit",
      "credentials": {
        "questions": [ { "questionId": "<questionId>", "answer": "<answer>" } ]
      },
      "requestState": "<request state from previous step>"
    }'

- The response contains the authnToken.

  {
    "authnToken": "<authToken>",
    "status": "success",
    "ecId": "<ecId>"
  }

- Extract the authnToken.

  export AUTHNTOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

- Generate an access token using the authnToken.

  curl -L -X POST "https://$IDCS_FQDN/oauth2/v1/token" \
    --header "Authorization: Basic $AUTHORIZATION_VALUE" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
    --data-urlencode "scope=osdmc:rest offline_access" \
    --data-urlencode "assertion=$AUTHNTOKEN"

  The response body includes an access_token parameter that contains the access token.

  {
    "access_token": "<generated_access_token>",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "<refresh_token>"
  }

  The token expires after the number of seconds given in the expires_in parameter.

- Export the access token for convenient use in subsequent requests. There are two ways to do this.

  - Export the token to a variable and use it in subsequent requests.

    export ACCESS_TOKEN='YWRtaW4sYWRtaW4sMjAxOC0wOC0wOSAxOToyNzowzVmM2FhNGMzZjMyZDlkNWJmYzg4O'
    curl -L -X GET \
      --header "Authorization: Bearer ${ACCESS_TOKEN}" \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"

  - Save the token to a file and reference that file in subsequent requests. The file holds a bearer credential, so keep it readable only by you.

    echo "Authorization: Bearer <access token>" > auth_header.txt
    curl -L -X GET \
      --header @auth_header.txt \
      "https://<tenant-url>/<tenant-name>/<path-to-resource>"
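The five procedures above are one state machine driven by nextAuthFactors and requestState. The following Python client, added here as an example and not Oracle's code, generalises across them: it builds the credSubmit body for every second factor on this page (TOTP, EMAIL, SMS, SECURITY_QUESTIONS, and the credential-less PUSH resubmit), always carries the previous requestState forward, and bounds the polling while a push approval is pending. HTTP is injected as get/post callables; FakeIdcs is a constructed stand-in that replays the response shapes shown above so the flow runs offline, and its state values, tokens and the provide callback are assumptions, not tenant data.

```python
"""Client state machine for the /sso/v1/sdk/authenticate flow shown above.
Added example, not Oracle's code: HTTP is injected as get/post callables so the
flow runs offline against FakeIdcs, a constructed stand-in for a live tenant."""

AUTH_PATH = "/sso/v1/sdk/authenticate"
CODE_FACTORS = {"TOTP", "EMAIL", "SMS"}  # all three submit an otpCode credential


def next_submission(resp, provide):
    """Build the credSubmit body for the factor the server asks for next.
    provide(factor, ctx) is a caller callback returning that factor's secret:
    (username, password), an OTP string, or {questionId: answer} for questions."""
    factor = resp["nextAuthFactors"][0]
    body = {"op": "credSubmit", "requestState": resp["requestState"]}  # state carried forward
    if factor == "USERNAME_PASSWORD":
        user, pw = provide(factor, None)
        body["credentials"] = {"username": user, "password": pw}
    elif factor in CODE_FACTORS:
        body["credentials"] = {"otpCode": provide(factor, resp.get("otpLength"))}
    elif factor == "SECURITY_QUESTIONS":
        qs = resp["SECURITY_QUESTIONS"]["questions"]
        answers = provide(factor, qs)
        body["credentials"] = {"questions": [
            {"questionId": q["questionId"], "answer": answers[q["questionId"]]}
            for q in qs]}
    elif factor != "PUSH":  # PUSH is approved out of band: resubmit state only
        raise ValueError(f"unsupported factor {factor}")
    return body


def authenticate(get, post, provide, max_push_polls=5):  # returns the authnToken
    resp, polls = get(AUTH_PATH), 0
    while "authnToken" not in resp:
        status = resp.get("status")  # "pending" is AUTH-1108: push not approved yet
        if status == "pending" and (polls := polls + 1) > max_push_polls:
            raise TimeoutError("push notification was not approved in time")
        if status not in ("pending", "success"):
            raise RuntimeError(f"authentication failed: {resp.get('cause')}")
        resp = post(AUTH_PATH, next_submission(resp, provide))
    return resp["authnToken"]


class FakeIdcs:
    """Constructed tenant stand-in: password first, then one second factor."""
    def __init__(self, factor="TOTP", otp="151309", approve_after=1):
        self.factor, self.otp, self.state, self.push_left = factor, otp, "state-1", approve_after

    def get(self, path):
        return {"status": "success", "nextAuthFactors": ["USERNAME_PASSWORD"],
                "requestState": self.state}

    def post(self, path, body):
        fail = {"status": "failure", "cause": [{"code": "constructed"}]}
        if body.get("op") != "credSubmit" or body.get("requestState") != self.state:
            return fail  # a stale, replayed or missing requestState is rejected
        creds, pending = body.get("credentials", {}), self.factor == "PUSH"
        if "username" in creds:
            self.state = "state-2"  # new state bound to the second-factor step
        elif pending:  # each resubmit is one poll of the push approval
            self.push_left -= 1
            pending = self.push_left > 0
        elif creds.get("otpCode") != self.otp:
            return fail
        if "username" in creds or pending:
            return {"status": "pending" if pending else "success",
                    "nextAuthFactors": [self.factor], "requestState": self.state}
        return {"status": "success", "authnToken": "constructed-authn-token"}
```

Against a live tenant, get and post would be thin wrappers that send the bearer ACCESS_TOKEN from the client_credentials step and decode the JSON response; the returned authnToken is then exchanged exactly as in the jwt-bearer curl above.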