Authorization Code
This section describes how to procure an access token for authorization using the authorization code as a grant type.
Resource Information
Name | Value | Description |
---|---|---|
Requires authentication? | Yes | ClientID is required for this authentication |
Rate limited? | No | Rate limiting indicates how many requests a client can make in a time period. |
Request
Request headers
Key | Value | Description |
---|---|---|
Content-Type | application/x-www-form-urlencoded | Method for sending name-value pair data to the server, such as the information you typed into an HTML form. |
HTTP request
POST https://{tenantId}.{hostname}/auth/realms/{tenantId}/protocol/openid-connect/token
Note: API requests must be made over HTTPS. Calls made over plain HTTP will fail.
Request body (*Required)
Parameter Name | Type | Description |
---|---|---|
grant_type* | String | The grant type should be authorization_code. |
client_id* | String | The Client ID for which the access token is to be generated. |
code* | String | Unique code generated after the final authorization point. If you are using the authorization code grant type flow, you must first acquire an authorization code before requesting an access token. |
redirect_uri* | String | Enter the final authorization point for your authorization server. |
Sample Request
curl --location --request POST 'https://{tenantId}.{hostname}/auth/realms/{tenantId}/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=test' \
--data-urlencode 'code=fe5a6d3f-6f49-4fee-9063-b07a2fb8175b.38572ecd-5afa-4a20-8ca9-271716fd0c0b.7de9afe4-5e3b-4f62-a81c-57f0f71c0a9d' \
--data-urlencode 'redirect_uri=https://test.com'
Response
Parameter Name | Type | Description |
---|---|---|
access_token | String | The newly created access token. |
expires_in | Integer | Validity of the access token in seconds. |
refresh_expires_in | Integer | Validity of the refresh token in seconds. |
refresh_token | String | The new refresh token. |
token_type | String | Indicates access token type. |
not-before-policy | Integer | The not-before policy ensures that any tokens issued before that time become invalid. |
session_state | String | The session state value includes the salted cryptographic hash of the Client ID, the root URL, and the browser state. The session_state value is used to monitor end-user sessions. |
scope | String | The scope requested for the token. |
Sample Response
{
"access_token": String,
"expires_in": Integer,
"refresh_expires_in": Integer,
"refresh_token": String,
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": String,
"scope": String
}
Response Status Information
Status Code | Status | Message |
---|---|---|
200 | OK | OK |
400 | Bad Request | Code not valid |
401 | Unauthorized | HTTP 401 Unauthorized |
404 | Not Found | Realm does not exist |
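
The request and response handling described above, as an added Python example (not code from this API's vendor). It builds the form body so that redirect_uri is percent-encoded exactly once, refuses tenant or host values that would redirect the call to another host, and checks the response fields before use; the function names, the TokenError class and the sample values are assumptions made for the illustration.

```python
import json
from urllib.parse import urlencode, urlsplit

# Failure messages copied from the "Response Status Information" table.
STATUS_MESSAGES = {400: "Code not valid", 401: "HTTP 401 Unauthorized",
                   404: "Realm does not exist"}

class TokenError(Exception):
    """Raised when the token endpoint reply cannot be used (hypothetical name)."""

def build_token_request(tenant_id, hostname, client_id, code, redirect_uri):
    """Return (url, headers, body) for the POST described on this page."""
    url = (f"https://{tenant_id}.{hostname}/auth/realms/{tenant_id}"
           "/protocol/openid-connect/token")
    # Reject tenant/host values that would change the host actually called,
    # for example values containing "/", "?" or "@".
    if urlsplit(url).hostname != f"{tenant_id}.{hostname}".lower():
        raise ValueError("tenant_id/hostname produce an unexpected host")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # Pass raw values: urlencode() percent-encodes each one exactly once, so
    # the redirect_uri the server decodes matches the one used earlier.
    body = urlencode({"grant_type": "authorization_code",
                      "client_id": client_id,
                      "code": code,
                      "redirect_uri": redirect_uri})
    return url, headers, body

def parse_token_response(status, text):
    """Validate a token endpoint reply and return its parsed fields."""
    if status != 200:
        raise TokenError(STATUS_MESSAGES.get(status, f"unexpected status {status}"))
    try:
        data = json.loads(text)
    except ValueError as exc:
        raise TokenError("response is not JSON") from exc
    if not isinstance(data, dict):
        raise TokenError("response is not a JSON object")
    if not isinstance(data.get("access_token"), str) or not data["access_token"]:
        raise TokenError("access_token missing")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenError("unexpected token_type")
    if type(data.get("expires_in")) is not int or data["expires_in"] <= 0:
        raise TokenError("expires_in missing or not positive")
    return data

if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    print(build_token_request("acme", "example.com", "test",
                              "constructed-code", "https://test.com")[2])
```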