OAuth Token Request

Overview

The OAuth Token Request process requires the OAuth Client to present the Authorization Grant (in the form of an Authorization Code) to the token_endpoint using the grant_type value authorization_code, as described in Section 4.1.3 of OAuth 2.0 RFC 6749.

The OAuth Client MUST authenticate to the token_endpoint using the HTTP Basic method, as described in Section 2.3.1 of RFC 6749. (This is the method identified by the client_secret_basic authentication method value in OpenID Connect Discovery 1.0 [OpenID.Discovery].)

The Client sends the parameters to the token_endpoint using the HTTP POST method and the Form Serialization, per Section 3.2, as described in Section 4.1.3 of OAuth 2.0 RFC 6749.

Communication with the token_endpoint MUST utilize TLS. See Section 7.1 for more information on using TLS.

The following is a non-normative example of such a Token Request (with line wraps for display purposes only):

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
    &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
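
The request above, built in Python without being sent, as an added example that is not part of the original page or of the specification text. The client_id and client_secret are the values obtained by Base64-decoding the example Authorization header; the function names are assumptions of this example.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1: form-urlencode each credential, join with ':', Base64."""
    # Encoding first keeps a ':' or space inside a credential from being
    # mistaken for the username/password separator on the server side.
    userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(userpass.encode("ascii")).decode("ascii")


def build_token_request(token_endpoint, client_id, client_secret, code, redirect_uri):
    """Return (method, url, headers, body) for the Token Request; nothing is sent."""
    parts = urlsplit(token_endpoint)
    # Communication with the token_endpoint MUST use TLS: refuse plain http.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("token_endpoint must be an https URL")
    if not code:
        raise ValueError("authorization code is required")
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # With client_secret_basic the credentials travel only in the header,
    # so the form body carries just the grant parameters.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    })
    return "POST", token_endpoint, headers, body


if __name__ == "__main__":
    method, url, headers, body = build_token_request(
        "https://server.example.com/token",
        "s6BhdRkqt3",            # decoded from the page's example header
        "gX1fBat3bV",            # decoded from the page's example header
        "SplxlOBeZQQYbYS6WxSbIA",
        "https://client.example.com/cb",
    )
    print(method, url)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print()
    print(body)
```

The body differs from the page's example only in leaving the dots of the redirect_uri unescaped, which decodes to the same value.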
