Obtain Access Token
After the user has authenticated and authorized the login, obtain the authorization token (Access Token). The Access Token is a required parameter that third-party applications must pass when calling Bamboo Cloud IDaaS to retrieve user information.
# Request Description
POST https://{your_domain}/api/v1/oauth2/token
# Request Headers
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| Authorization | Authentication Information | Required | Basic UnFCMkhKdNOWk9xWA== | HTTP Basic authentication using client_id and client_secret, format: base64(client_id:client_secret) |
| Content-Type | Data Type | Required | application/x-www-form-urlencoded | Submit parameters using form format |
# Request Example
```
POST https://{your_domain}/api/v1/oauth2/token
Authorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=stRWlW&redirect_uri=http://oauthdemo.bccastle.com/demo/index.jsp
```
# Request Parameters
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| grant_type | Grant Type | Required | authorization_code | This value is fixed as authorization_code. |
| code | Authorization Code | Required | stRWlW | The authorization code returned in the previous step. After the user successfully logs in, they are redirected to the specified callback address, with the Authorization Code included in the URL. Note that this code expires within 5 minutes. |
| redirect_uri | Callback Address | Optional | http://oauthdemo.bccastle.com/demo/index.jsp | Must be consistent with the redirect_uri passed in the previous step. |
# Return Example
Correct Return Example

```
HTTP Status: 200 OK
{
  "access_token": "Z43T3KWH9lecmy3H1IaCI...XRmsXaA",
  "token_type": "Bearer",
  "refresh_token": "WEAFOmOJ-A4LOhF_I39DvJuqxP0...XkFlFA",
  "expires_in": 7199,
  "scope": "get_user_info"
}
```

code parameter is empty

```
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "An authorization code must be supplied."
}
```

code parameter error

```
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_grant",
  "error_description": "Invalid authorization code: a2W0B8Q"
}
```

clientSecret authentication failed

```
HTTP Status: 401 Unauthorized
{
  "error": "invalid_client",
  "error_description": "Bad client credentials"
}
```
# Return Parameters
If the return is successful, the Access Token can be obtained from the return information.
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| access_token | Authorization Token | Required | NObiKQS-cn8AWnZyIMkOvBgHIo8 | The authorization token returned by the authorization server to the third-party application. |
| expires_in | Validity Period of Authorization Token | Required | 7199 | The validity period of the access credential returned by the authorization server to the application. Note: The validity period is in seconds. |
| refresh_token | Refresh Token | Optional | wuGzSMMTjb4YhRUOjXHj-t-QD84 | Not returned by default by the platform. When the refresh_token validity period configured in the IDaaS application interface is greater than or equal to the access_token validity period, the refresh_token will be returned in the Get Access Token interface. |
| token_type | Token Type | Required | Bearer | |
| scope | Authorization Scope | Required | get_user_info | |
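
The following client-side sketch is an added example, not code from Bamboo Cloud's documentation. It builds the token request from the tables above and parses both the success body and the documented error bodies. The function names, the `TokenError` class, and any domain or credentials passed in are hypothetical.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


class TokenError(Exception):
    """Raised for the error bodies the endpoint returns (HTTP 400/401)."""
    def __init__(self, status, error, description):
        super().__init__(f"{status} {error}: {description}")
        self.status, self.error, self.description = status, error, description


def build_token_request(domain, client_id, client_secret, code, redirect_uri):
    """Build (but do not send) the POST described in the request tables."""
    if ":" in client_id:
        # Basic credentials are split on the first colon, so the id cannot contain one.
        raise ValueError("client_id must not contain ':'")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",  # fixed value
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value sent in the previous step
    }).encode()
    return urllib.request.Request(
        f"https://{domain}/api/v1/oauth2/token",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(status, raw_body, now=None):
    """Return a token dict with an absolute expiry, or raise TokenError."""
    data = json.loads(raw_body)
    if status != 200 or "error" in data:
        raise TokenError(status, data.get("error", "unknown"), data.get("error_description", ""))
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),  # not returned by default
        "expires_at": now + int(data["expires_in"]),  # expires_in is in seconds
        "scope": data["scope"].split(),
    }
```

Passing the built request to `urllib.request.urlopen` sends it. Storing `expires_at` rather than `expires_in` lets the caller check validity without tracking when the token was issued.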