Token endpoint
POST /realms/:realmId/protocol/openid-connect/token
The token endpoint is used to obtain an access token and, optionally, an id token by setting the scope parameter to one of the possible values. The body must include the grant_type and client_id parameters and, depending on the grant_type parameter value, additional parameters as explained below:
- grant_type=authorization_code: The request is sent in step 5 of the Authorization Code Flow. The code, redirect_uri and, if a code challenge was included in the authorization request, code_verifier fields also need to be included in that case.
- grant_type=password: This grant type is used for the Resource Owner Password Credentials Flow. In this flow, the client_secret, username and password fields must be included in the request.
- grant_type=client_credentials: This grant type is used for the Client Credentials Flow. The client_secret must be included in the request.
- grant_type=refresh_token: Set to refresh a token. The request must include the refresh_token.
access_token, a refresh_token and an id_token.
Request
Path Parameters
- realmId (string, required): The realm's id
Body (required, application/x-www-form-urlencoded)
- client_id (string, required)
- client_secret (string)
- refresh_token (string)
- username (string)
- password (string)
- redirect_uri (string)
- code_verifier (string)
- code (string)
- grant_type (string, required). Possible values: [authorization_code, client_credentials, password, refresh_token]
- scope (string, required). Possible values: [openid]
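The per-grant requirements above, as an added example (not part of the original documentation or the server's own code): a client-side builder that refuses to assemble a token request with missing or unlisted fields and checks the PKCE verifier before the one-time code is sent. The host, realm and client names are constructed placeholders, and the S256 challenge method (RFC 7636) is an assumption, since the page does not say which method the authorization request used.

```python
import base64
import hashlib
from urllib.parse import quote, urlencode

# Extra fields each grant_type needs, and all optional body fields, per this page.
REQUIRED = {
    "authorization_code": ("code", "redirect_uri"),
    "password": ("client_secret", "username", "password"),
    "client_credentials": ("client_secret",),
    "refresh_token": ("refresh_token",),
}
ALLOWED = {"client_secret", "refresh_token", "username", "password",
           "redirect_uri", "code_verifier", "code"}


def s256_challenge(code_verifier):
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) without padding (assumed method)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_token_request(base_url, realm_id, grant_type, client_id,
                        code_challenge=None, **fields):
    """Return (url, form_body) for the token endpoint or raise ValueError."""
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    unknown = sorted(set(fields) - ALLOWED)
    if unknown:
        raise ValueError(f"fields not in the request schema: {unknown}")
    required = list(REQUIRED[grant_type])
    pkce = grant_type == "authorization_code" and code_challenge is not None
    if pkce:
        required.append("code_verifier")
    missing = [name for name in required if not fields.get(name)]
    if missing:
        raise ValueError(f"{grant_type} requires: {', '.join(missing)}")
    # A wrong verifier would fail server-side; catch it before sending the code.
    if pkce and s256_challenge(fields["code_verifier"]) != code_challenge:
        raise ValueError("code_verifier does not match code_challenge")
    body = {"grant_type": grant_type, "client_id": client_id, "scope": "openid"}
    body.update({k: v for k, v in fields.items() if v})
    path = f"/realms/{quote(realm_id, safe='')}/protocol/openid-connect/token"
    return base_url.rstrip("/") + path, urlencode(body)


if __name__ == "__main__":
    # Constructed values: example host, realm, client and refresh token.
    print(build_token_request("https://sso.example.test", "demo", "refresh_token",
                              "my-app", refresh_token="constructed-token"))
```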
Responses
- 200: OK
- 401: Unauthorized client
- 404: Not Found
200 response body (application/json)
Schema
- access_token (string)
- expires_in (number)
- refresh_token (string)
- refresh_expires_in (number)
- token_type (string)
- not-before-policy (number)
- scope (string)
- id_token (string)
Example (from schema)
{
  "access_token": "string",
  "expires_in": 0,
  "refresh_token": "string",
  "refresh_expires_in": 0,
  "token_type": "string",
  "not-before-policy": 0,
  "scope": "string",
  "id_token": "string"
}