The OAuth 2.0 Token Endpoint

Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language. You can find a list of libraries here https://oauth.net/code/

application/x-www-form-urlencoded

Request Body

client_id string
code string
grant_type string required

Possible values: [authorization_code, refresh_token]

redirect_uri string
refresh_token string

Responses

• 200
• 400

---

oAuth2TokenExchange

application/json

Schema

Example (from schema)

---

Schema

access_token string

The access token issued by the authorization server.

expires_in int64

The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated.

id_token int64

To retrieve a refresh token request the id_token scope.

refresh_token string

The refresh token, which can be used to obtain new access tokens. To retrieve it add the scope "offline" to your access token request.

scope string

The scope of the access token

token_type string

The type of the token issued

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzpoeWRyYS5qd3QuYWNjZXNzLX2VuIiwidHlwIjoiSldUIn0.eyJhdWQiOltdLCJjbGnRfaWQiOiJxdXJhbi1kZW1vIiwiZXhwIjoxNjc1MjM4MzkzLCJleHQiOnt9LCJpYXQiOjE2NzUyMzQ3OTIsImlzcyI6Imh0dHBzOi8vb2F1dGgyLnF1cmFuLmNvbS8iLCJqdGkiOiI3ODYzZTQ5OC01MTMwLTRjN2QtYjkyMi1iZDY4M2QwZDVjZWMiLCJuYmYiOjE2NzUyMzQ3OTIsInNjcCI6WyJjb2xsZWN0aW9uIiwiYm9va21hcmsiLCJyZWFkaW5nX3Nlc3Npb24iLCJwcmVmZXJlbmNlIiwidXNlciIsIm9wZW5pZCIsIm9mZmxpbmUiXSwic3ViIjoiYTRmNWEwMWEtYTY0MS00YjIzLWJhMDUtZDAwMmI3MDRiZmFhIn0.hlYYxzWxM0Tx2q__7ZPobFA62kjDOquyOqZFyMLF72aGCrhZq4Ov_4fEhPRe67lDdm3auFOoVT-WQW72f9nrbpxems9IdModHkXkOfZiz504qGh68GX13fpddVv1InA4FSncQ1c_NAhDlazNIuF242mQD5q8A2jQkJBAAYDn4bgHBttdHuqegw-UgnVMX1sCZ2qG_z46_2OtKPGJiPuXm4C7LbyGo4dd8P4ImYmOZg5zDV-Cc3fJbFuuYGSenOPHK3BYcv5luf0ilXRFP9NiB1QKpLwa6l-gT61WmxW55Ec2UeYAR_nNbLk5mP78rQ8lq-pG11fTkcfIhMGthh8QcDgbcTE2NIGpBDbqrzjWDxTSiGXtGKNw-kJPoYpLFC5JcCaYrrsSWUXj_38p9SebTraYfr6eEuFvphCZff9I6jt65IVDXLFZKg6kCqtA8DAgrYH9BVn4C3BkQwXOPVVq5omxAL8-hmJZDSwT_FiT2CGkgCk8msy8YNwqmI9kcnTKT-egvQyUN4PpkZA8a-vFfInAxlMsvxmEEGUi1Xsj7V2i6OUrxUZURKtVNixYPJy7-UmBWGhWe0k1aagpspIa-PAqn3mi_untqCQ_wByDpSaqY75R-lu8spnj2TuIB4uZ_Z0JaqbAyL8faF_Bavi4A08W8QIqggwE5d04k9LzCRU",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzpoeWRyYS5vcGVuaWQuaWQtdW4iLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiU2xUUGbnktSkRzdm1nMjNqTDVHZysImF1ZCI6WyJxdXJhbi1kZW1vIl0sImF1dGhfdGltZSI6MTY3NTIzNDc4OCwiZW1haWwiOiJtdWhhamlyZnJhbWVAZ21haWwuY29tIiwiZXhwIjoxNjc1MjM4MzkzLCJmaXJzdF9uYW1lIjoiTXVoYW1tYWQiLCJpYXQiOjE2NzUyMzQ3OTMsImlzcyI6Imh0dHBzOi8vb2F1dGgyLnF1cmFuLmNvbS8iLCJqdGkiOiIxMzUzYWIyYi0zZjRlLTQwZDQtYjlmNi0zYjllOWRhYmIxOWUiLCJsYXN0X25hbWUiOiJNdWhhamlyIiwicmF0IjoxNjc1MjM0Nzg2LCJzaWQiOiJjZTJhZTIxYi04N2VkLTQwZmItYjRjOC05MzI0ZGM4OThkZjciLCJzdWIiOiJhNGY1YTAxYS1hNjQxLTRiMjMtYmEwNS1kMDAyYjcwNGJmYWEifQ.dJuUdVszxahMmIEN5_bYfUgrdqK94ZPU9PbLm0fpnmDDd21kHl6jd62p4KROW3vCVJY9-tbBtdul9f90qUap7G0v-396s4TuBq5pl6Dx1XSxr8buW04RPxNkpBcdxzEtggpFYCRj9vuilcBekgHSg305YWyL1DW8tRiNyqU_3AJze786t6LPjHPoTKdUCxKW-bS3hDEB1vznKmtHpOUXhUECy-kFV_YLBVOJiKsR2peyCa65wrKZDn5L1qrVQLuTSOBawJRCxu3M9Sr_p3kud26AvRKNjlxWRcspxLOlRy2QuOaz1q0l0R7WHrvQkqhX1ZYLf4ukBTtbG0HeXIi6grXMK4ZSw04N-uBW_zDNwpaQOr7hU7yJc2_wopeDrshElEgvszMzUfyg4RXE_XmHym1ZfaVli_gJcsTcBguZgKw8UvmqL0_QZgKAEqNfQZE_GazFIvtSRBQ_Zl9pqZCyMgAN4dz_cBJc-3GqR-nsMaj6Zz5fqQxkqrUwMAwX3bulnp5KQBg42YOeNAGoP_SpKrjaZrZJsVbM7UNFHiGT6QvkLAbcgq1ysWuUDEqNinGKLGcOzFMoX1tCwvc_1fEwkw9VYbSjE2Ep_UcY6PI468iGQacpmyxBzUhTBajNT1DZZejTYNYbxEnlitlGF6lE4AYFwBlHk_RLd3zOZWjp5kA",
  "refresh_token": "WVHJVqgSIf8Vsqf0k71vGCbkjPaoP_w5BMu_ektC36c.UI9w16x-XFQueGJOWp-c1BUyd1tBbjXnsvza_YxhxBE",
  "scope": "collection bookmark reading_session preference user openid offline",
  "token_type": "bearer",
  "expires_at": "2023-02-01T07:59:53.167Z"
}

errorOAuth2

application/json

Schema

Example (from schema)

---

Schema

error string

Error

error_debug string

Error Debug Information

Only available in dev mode.

error_description string

Error Description

error_hint string

Error Hint

Helps the user identify the error cause.

status_code int64

HTTP Status Code

{
  "error": "invalid_client",
  "error_debug": "string",
  "error_description": "Client+authentication+failed+%28e.g.%2C+unknown+client%2C+no+client+authentication+included%2C+or+unsupported+authentication+method%29.+The+requested+OAuth+2.0+Client+does+not+exist.",
  "error_hint": "The redirect URL is not allowed.",
  "status_code": 401
}

Loading...