POST /oauth2/token

Exchanges the user authentication code for a JWT (access_token). This method can be used in the following scenarios:

  • To exchange the user authentication code for a JWT. grant_type=authorization_code and code are required.
  • To refresh the JWT after it expires, if your application needs access to the Login API beyond the JWT expiration period. Works only if scope=offline is passed in the registration or authentication method. grant_type=refresh_token and the refresh_token received in the response of the first scenario are required.
  • To get the server JWT without user participation. grant_type=client_credentials, client_id and client_secret are required.

Request Body

Form data (application/x-www-form-urlencoded)
refresh_token
string

The refresh_token value received in the response to the last call of this method. Required if grant_type is ‘refresh_token’.

grant_type
string

The method of obtaining the JWT. Can be:

  • authorization_code to exchange the code received in the method for a JWT. The code value must be specified.
  • refresh_token to get a refreshed JWT when the previous one has expired. The refresh_token value must be specified.
  • client_credentials to get the server JWT without user participation. The client_id and client_secret values must be specified.
required
client_secret
string

Your secret key hashed according to the bcrypt algorithm. You get it after sending the request to enable OAuth 2.0. To get your secret key again, please contact your Account Manager.

client_id
string

Your application ID. You will get it after sending the request to enable the OAuth 2.0 protocol. To get your application ID again, please contact your Account Manager.

required
redirect_uri
string

URL to redirect the user to after account confirmation, successful authentication or password reset confirmation. To set up this parameter, please contact your Account Manager.

code
string

User authentication code that will be exchanged for a JWT. Required if grant_type is ‘authorization_code’.

Responses

OK

object
access_token
string

User JWT.

required
expire_in
integer

JWT expiration period in seconds. You can configure it in Publisher Account > your Login project > General settings > JWT expiration.

refresh_token
string

Refresh token used to update the access_token.

token_type
string

JWT type. Can be ‘bearer’.

required
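
The following is an added example, not code from this documentation or its vendor. It builds the form body for each grant_type with the parameters listed above and keeps the newest refresh_token from each response. The names build_token_body and TokenState, the 30-second skew and all sample values are assumptions made for illustration.

```python
import time
from urllib.parse import urlencode

# Form fields documented for this method (grant_type is added separately).
ALLOWED = {"client_id", "client_secret", "code", "redirect_uri", "refresh_token"}
# Per-grant parameters the page names; client_id is marked required for all calls.
REQUIRED = {
    "authorization_code": ("client_id", "code"),
    "refresh_token": ("client_id", "refresh_token"),
    "client_credentials": ("client_id", "client_secret"),
}

def build_token_body(grant_type, **params):
    """Return the application/x-www-form-urlencoded body or raise ValueError."""
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant_type: {grant_type!r}")
    unknown = set(params) - ALLOWED
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    missing = [p for p in REQUIRED[grant_type] if not params.get(p)]
    if missing:
        raise ValueError(f"{grant_type} requires: {', '.join(missing)}")
    return urlencode({"grant_type": grant_type, **params})

class TokenState:
    """Tracks the current JWT and the refresh_token from the latest response."""
    def __init__(self, skew=30):
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0.0
        self.skew = skew  # assumed margin: refresh this many seconds early

    def update(self, response, now=None):
        now = time.time() if now is None else now
        if str(response.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = response["access_token"]
        # expire_in is not marked required; a missing value counts as expired.
        self.expires_at = now + int(response.get("expire_in", 0))
        # The next refresh must use the token from the last call, so keep the latest.
        if response.get("refresh_token"):
            self.refresh_token = response["refresh_token"]

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return now >= self.expires_at - self.skew

    def refresh_body(self, client_id):
        return build_token_body("refresh_token", client_id=client_id,
                                refresh_token=self.refresh_token)
```

Send the returned string as the request body with Content-Type application/x-www-form-urlencoded, and build client_credentials requests only on a server so that client_secret is never shipped to a user device.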
