生成JWT

post/oauth2/token

Use this call:

To get a user JWT.
To refresh the JWT when it expires. Works only if scope=offline is passed in the registration or authentication call.
To get a server JWT. The user participation isn’t needed.
To exchange user JWT for a new one with different scope.

Usage of this call depends on the value of the grant_type parameter.

Request

Request Body schema: application/x-www-form-urlencoded

grant_type required	string The type of getting the JWT. Can be: `authorization_code` to exchange the code received in the authentication call to the JWT. The value of the `code` parameter must be specified. `refresh_token` to get the refreshed JWT when the previous value is expired. The value of the `refresh_token` parameter must be specified. `client_credentials` to get the server JWT. The values of the `client_id` and `client_secret` parameters must be specified. `urn:ietf:params:oauth:grant-type:token_exchange` to exchange existing user JWT with different scope.
client_id required	string 您的应用程序ID。此参数的值取决于`grant_type`参数的值：如果是`authorization_code`，则创建OAuth 2.0客户端并使用其客户端ID。如果是`client_credentials`，请联系您的客户成功经理来创建服务器OAuth 2.0客户端并获取其客户端ID。请注意，`client_secret`和`client_id`参数的值应该来自同一客户端。
refresh_token	string 在响应此调用（其中`grant_type`参数中的值为`authorization_code` 或`refresh_token`）的最后一个请求时收到的此参数的值。如果`grant_type=refresh_token`则为必需。
client_secret	string 您的密钥。此参数的值取决于`grant_type`参数的值：如果是`authorization_code`，则创建OAuth 2.0客户端并使用其密钥。如果创建了具有机密认证类型的OAuth 2.0客户端，此参数为必需。如果是`client_credentials`，请联系您的客户成功经理来创建服务器OAuth 2.0客户端并获取其密钥。对于该客户端类型，此参数为必需。请注意，`client_secret`和`client_id`参数的值应该来自同一客户端。
redirect_uri	string
code	string 交换给JWT的认证代码。如果`grant_type=authorization_code`则为必需。
code_verifier	string 用于PKCE请求的代码验证器（应用程序最初在授权请求之前生成）。
audience	string 可应用令牌的域列表
scope	string A list of space-delimited, case-sensitive strings, as defined in Section 3.3 of [RFC6749], that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used. The values and associated semantics of scope are service specific and expected to be described in the relevant service documentation
subject_token	string A security token that represents the identity of the party on behalf of whom the request is being made. Typically, the subject of this token will be the subject of the security token issued in response to the request.
subject_token_type	string A security token that represents the identity of the party on behalf of whom the request is being made. Typically, the subject of this token will be the subject of the security token issued in response to the request. Value: "access_token"
actor_token	string A security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject.
actor_token_type	string An identifier, as described in Section 3, that indicates the type of the security token in the actor_token parameter. This is REQUIRED when the actor_token parameter is present in the request but MUST NOT be included otherwise. Value: "server_token"

Responses

200

确定

400

错误的请求

404

未找到

418

我是茶壶

422

无法处理的实体

429

请求过多

Request samples

application/x-www-form-urlencoded

refresh_token=string&grant_type=string&client_secret=string&client_id=string&redirect_uri=string&code=string&code_verifier=string&audience=string&scope=string&subject_token=string&subject_token_type=access_token&actor_token=string&actor_token_type=server_token

Response samples

application/json

{"access_token": "2YotnFZFEjr1zCsicMWpAA",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"scope": "email user_profile",
"token_type": "bearer"
}