Obtaining an Access Token
After the user has logged in successfully, the client calls the Token Endpoint to obtain the Access Token, as in standard OAuth2. In addition to the parameters OAuth2 specifies, the Token Endpoint's response adds an id_token field: a JWT that carries the user's information.
# Request Specification
POST https://{your_domain}/api/v1/oauth2/token
# Request Headers
| Parameter Name | Display Name | Required | Example Value | Description |
|---|---|---|---|---|
| Authorization | Authentication Information | Required | Basic UnFCMkhKdNOWk9xWA== | HTTP Basic authentication with the client credentials, format: base64(client_id:client_secret) |
| Content-Type | Data Type | Required | application/x-www-form-urlencoded | Parameters are submitted as a URL-encoded form |
# Request Example
POST https://{your_domain}/api/v1/oauth2/token
Authorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=stRWlW&redirect_uri=http://oidcdemo.bccastle.com/demo/index.jsp
# Request Parameters
| Parameter Name | Display Name | Required | Example Value | Description |
|---|---|---|---|---|
| grant_type | Grant Type | Required | authorization_code | This value is fixed as authorization_code. |
| code | Authorization Code | Required | stRWlW | The authorization code returned in the previous step. After the user logs in successfully, they are redirected to the specified callback address with the Authorization Code included in the URL. Note: the code expires after 5 minutes. |
| redirect_uri | Callback Address | Optional | http://oidcdemo.bccastle.com/demo/index.jsp | Must be identical to the redirect_uri passed in the previous step. |
# Return Example
Successful Return Example
HTTP Status: 200 OK
{
"access_token": "Z43T3KWH9lgPRHP8CmnPmC1hU5lyJNw9es8bruLXRmsXaA",
"token_type": "Bearer",
"refresh_token": "WEAFOmOJ-A4LOhF_I39DvJuqxP0o7YznzDQ2adn5yXkFlFA",
"expires_in": 7199,
"scope": "openid",
"id_token": "eyJraWQVlMiIsImFsZOiJodHRwczovL21o...8oEoRsydhg"
}
Callback URL does not match actual configuration
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_grant",
"error_description": "Invalid redirect: [xxx] (xx) does not match one of the registered values."
}
code parameter error
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_grant",
"error_description": "Invalid authorization code: a2W0B8Q"
}
clientSecret authentication failed
HTTP Status: 401 Unauthorized
{
"error": "invalid_client",
"error_description": "Bad client credentials"
}
# Return Parameters
If the request succeeds, the Access Token can be read from the response.
| Parameter Name | Display Name | Required | Example Value | Description |
|---|---|---|---|---|
| access_token | Authorization Token | Required | NObiKQS-cn8AWnZyIMkOvBgHIo8 | The authorization token returned by the authorization server to the third-party application. |
| expires_in | Validity Period of Authorization Token | Required | 7199 | The validity period of the access token returned by the authorization server to the application. Note: The validity period is in seconds. |
| refresh_token | Refresh Token | Optional | wuGzSMMTjb4YhRUOjXHj-t-QD84 | By default, the platform does not return this. |
| token_type | Token Type | Required | Bearer | |
| scope | Authorization Scope | Required | openid | |
| id_token | User Token | Required | eyJhbGciOiJSUzI1NiIsImtp.... | Encapsulates user information in JWT format |
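As an added, stand-alone illustration (not the platform's own code), the request and response handling described above in Python: it builds the Basic header and form body, and maps the three documented error replies to the client. The server is simulated offline, and the client id, secret and token values are constructed placeholders.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

# Constructed sample values for a stand-alone demo; not real credentials.
CLIENT_ID, CLIENT_SECRET = "demo-client", "demo-secret"
REDIRECT_URI = "http://oidcdemo.bccastle.com/demo/index.jsp"


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Headers and form body for POST /api/v1/oauth2/token (authorization_code grant)."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code",
                      "code": code, "redirect_uri": redirect_uri})
    return headers, body


def parse_token_response(status, body):
    """Return the token dict on 200; raise with the documented error on 400/401."""
    data = json.loads(body)
    if status == 200:
        missing = [k for k in ("access_token", "token_type", "expires_in", "id_token")
                   if k not in data]
        if missing:
            raise ValueError(f"token response missing {missing}")
        return data  # id_token still needs signature and claim validation before use
    raise RuntimeError(f"{status} {data.get('error')}: {data.get('error_description')}")


def simulated_token_endpoint(headers, body, valid_code="stRWlW"):
    """Offline stand-in for the server, reproducing the status/error pairs shown above."""
    good = build_token_request(CLIENT_ID, CLIENT_SECRET, "", "")[0]["Authorization"]
    if headers.get("Authorization") != good:
        return 401, json.dumps({"error": "invalid_client",
                                "error_description": "Bad client credentials"})
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("redirect_uri") != REDIRECT_URI:
        return 400, json.dumps({"error": "invalid_grant",
                                "error_description": "Invalid redirect: does not match one of the registered values."})
    if form.get("grant_type") != "authorization_code" or form.get("code") != valid_code:
        return 400, json.dumps({"error": "invalid_grant",
                                "error_description": f"Invalid authorization code: {form.get('code')}"})
    return 200, json.dumps({"access_token": "sample-access-token", "token_type": "Bearer",
                            "expires_in": 7199, "scope": "openid",
                            "id_token": "sample.id.token"})


def exchange_code(code, client_secret=CLIENT_SECRET, redirect_uri=REDIRECT_URI):
    """Client-side flow: build the request, send it, parse the reply."""
    headers, body = build_token_request(CLIENT_ID, client_secret, code, redirect_uri)
    return parse_token_response(*simulated_token_endpoint(headers, body))
```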