Use this call:
scope=offline
is passed in the registration or authentication call.Usage of this call depends on the value of the grant_type
parameter.
grant_type required | string The type of getting the JWT. Can be:
|
client_id required | string Your application ID. The value for this parameter depends on the value of the
Note that values for |
refresh_token | string Value of this parameter received in the response to the last request of this call with |
client_secret | string Your secret key. The value for this parameter depends on the value of the
Note that values for |
redirect_uri | string |
code | string Authentication code that is exchanged to a JWT. Required if |
code_verifier | string The code verifier for the PKCE request, that the app originally generated before the authorization request. |
audience | string List of domains for which token can be applied |
scope | string A list of space-delimited, case-sensitive strings, as defined in Section 3.3 of [RFC6749], that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used. The values and associated semantics of scope are service specific and expected to be described in the relevant service documentation |
subject_token | string A security token that represents the identity of the party on behalf of whom the request is being made. Typically, the subject of this token will be the subject of the security token issued in response to the request. |
subject_token_type | string A security token that represents the identity of the party on behalf of whom the request is being made. Typically, the subject of this token will be the subject of the security token issued in response to the request. |
actor_token | string A security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject. |
actor_token_type | string An identifier, as described in Section 3, that indicates the type of the security token in the actor_token parameter. This is REQUIRED when the actor_token parameter is present in the request but MUST NOT be included otherwise. |
OK
Bad Request
Not Found
I’m a teapot
Unprocessable Entity
Too Many Requests
refresh_token=string&grant_type=string&client_secret=string&client_id=string&redirect_uri=string&code=string&code_verifier=string&audience=string&scope=string&subject_token=string&subject_token_type=access_token&actor_token=string&actor_token_type=server_token
{- "access_token": "2YotnFZFEjr1zCsicMWpAA",
- "expires_in": 3600,
- "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
- "scope": "email user_profile",
- "token_type": "bearer"
}