Overview#
OAuth Token Request process requires the OAuth Client to present the Authorization Grant (in the form of an Authorization Code) to the token_endpoint using the grant_type value authorization_code, as described in Section 4.1.3 of OAuth 2.0 RFC 6749.The OAuth Client MUST authenticate to the token_endpoint using the HTTP Basic method, as described in 2.3.1 of RFC 6749. (This method is the one identified by using the client_secret_basic authentication method value in OpenID Connect Discovery 1.0 OpenID.Discovery).
The Client sends the parameters to the token_endpoint using the HTTP POST method and the Form Serialization, per Section 3.2, as described in Section 4.1.3 of OAuth 2.0 RFC 6749.
Communication with the token_endpoint MUST utilize TLS. See Section 7.1 for more information on using TLS.
The following is a non-normative example of such a Token Request (with line wraps for the display purposes only):
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
More Information#
There might be more information for this subject on one of the following:- [#1] - 2.1.6.1. Client Sends Code
- based on information obtained 2018-02-19-
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!