Obtain PKCE Access Token
After the user has authenticated and authorized the login, obtain the access token (Access Token). The access token is a required parameter that third-party applications must pass when calling Zhuyun IDaaS to retrieve user information.
# Request Description
POST https://{your_domain}/api/v1/oauth2/token
# Request Headers
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| Content-Type | Data Type | Required | application/x-www-form-urlencoded | Submit the parameters as a URL-encoded form. |
Note: Do not pass Authorization Bearer token here.
# Request Example
```
POST https://{your_domain}/api/v1/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=stRWlW&code_verifier=lw22ZEI0JwNflL4sjEISwk8
```
# Request Parameters
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| grant_type | Grant Type | Required | authorization_code | This value is fixed as authorization_code. |
| code | Authorization Code | Required | stRWlW | The authorization code returned from the previous step. After a successful login, the user is redirected to the specified callback address with the authorization code in the URL. Note: This code expires in 5 minutes. |
| redirect_uri | Callback Address | Optional | http://oauthdemo.bccastle.com/demo/index.jsp | Must be consistent with the redirect_uri passed in the previous step. |
| code_verifier | PKCE Verification Code | Required | lw22ZEINflL4sjEISwk8 | The application randomly generates a string of 43-128 characters, performs URL-Safe Base64 encoding, and uses the result as code_verifier. This string is then hashed using SHA256 and URL-Safe Base64 encoded, with the result used as code_challenge. |
| client_id | Application Client ID | Required | RqB2HJt9N676qA | The client_id passed during the application authorization request. |
# Return Example
Correct Return Example

HTTP Status: 200 OK

```json
{
  "access_token": "Z43T3KWH9lecmy3H1IaCI...XRmsXaA",
  "token_type": "Bearer",
  "refresh_token": "WEAFOmOJ-A4LOhF_I39DvJuqxP0...XkFlFA",
  "expires_in": 7199,
  "scope": "get_user_info"
}
```

Client ID Not Found

HTTP Status: 400 BAD REQUEST

```json
{
  "error": "invalid_grant",
  "error_description": "Client ID mismatch"
}
```
# Return Parameters
If the request succeeds, the access token can be read from the returned information.
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| access_token | Authorization Token | Required | cn8AWnZyIMkOvBgHIo8 | The authorization token returned by the authorization server to the third-party application. |
| expires_in | Validity Period of Authorization Token | Required | 7199 | The validity period of the access credential returned by the authorization server to the application. Note: The validity period is in seconds. |
| refresh_token | Refresh Token | | wuGzSMMTjb4YhRUOjXH | |
| token_type | Token Type | Required | Bearer | |
| scope | Authorization Scope | Required | get_user_info | |
