Create Access Token Flow
post
/oauth2/rest/token
Request
Supported Media Types
- application/x-www-form-urlencoded
Header Parameters
-
authorization: string
Base64 encoded header of clientID:secret. This is an authentication mechanism for the Confidential Clients. Client Authentication can be specified through this header or ClientAssertionTokens. Either one of these mechanisms should be used.
-
x-oauth-identity-domain-name: string
Identity Domain under which the token is being requested.
Form Parameters
-
assertion: string
User Assertion token.Mandatory parameter in case GrantType is JWT_BEARER.
-
client_assertion: string
Client Assertion token. This is mandatory if the Client Authentication mechanism is via the ClientAssertionToken. If this is passed, then the authorization header is not required.
-
client_assertion_type: string
Type of client assertion. This is mandatory if the Client Authentication mechanism is via the ClientAssertionToken. If this is passed, then the authorization header is not required.Allowed Values:
[ "JWT_BEARER", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" ] -
code: string
Authorization Code obtained.Mandatory parameter in case GrantType is AUTHORIZATION_CODE.
-
grant_type: string
Grant Type for the Access Token RequestAllowed Values:
[ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "PASSWORD", "JWT_BEARER", "REFRESH_TOKEN" ] -
password: string
Password of resource owner.Mandatory parameter in case GrantType is PASSWORD.
-
redirect_uri: string
Redirect URI.Mandatory parameter in case GrantType is AUTHORIZATION_CODE.
-
refresh_token: string
Refresh Token played to generate the new Access Token.Mandatory parameter in case GrantType is REFRESH_TOKEN.
-
scope: string
Scope requested in the Access Token. In case of REFRESH_TOKEN flows, defaulted to the values in the RefreshToken if not specified.Default Value:
DefaultScope defined for Client -
username: string
Username of resource owner. Mandatory parameter in case GrantType is PASSWORD.
Response
Supported Media Types
- application/json
200 Response
Access Token was generated successfully
Root Schema : AccessToken
Type:
Show Source
object-
access_token:
string
Access Token Generated
-
expires_in:
integer
Time before the Access Token expires
-
refresh_token:
string
Refresh Token Generated if enabled. This is also generated only for GrantType - AUTHORIZATION_CODE and PASSWORD
-
token_type:
string
Type of token generated. eg:- Bearer
400 Response
Bad Request
Root Schema : ErrorCode
Type:
Show Source
object-
errorCode:
string
Error Code Generated
-
errorDesc:
string
Translated Error Description
-
secErrorDesc:
string
Secondary Error Message
Examples
The following cURL command shows a sample request against the server for creating access tokens using Resource Owner Credentials in 2 - Legged Flows.
Note:
Headers of interest in requests
-
Authorization : Base64 Url encoded ClientID:secret combination.
-
X-OAUTH-IDENTITY-DOMAIN-NAME: Identity Domain that the client belongs to.
cURL Example
curl -i -H 'Authorization: Basic U1NPTGlua0NsaWVudDp3ZWxjb21lMQ==' -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -H "X-OAUTH-IDENTITY-DOMAIN-NAME: SSOLink" --request POST http://<ManagedServerHost>:<ManagedServerPort>/oauth2/rest/token -d 'grant_type=PASSWORD&username=weblogic&password=welcome1&scope=SSOLink.link1'