Token (authorization_code) (PRIVATE_KEY_JWT)
POST {{authPath}}/{{envID}}/as/tokenThe token endpoint is used by the client to obtain an access token by presenting its authorization grant. Note that authentication requirements to this endpoint are configured by the application’s tokenEndpointAuthMethod property. For authorization_code and client_credentials grants, the application calls the POST /{{envID}}/as/token endpoint to acquire the access token.
For an authorization_code grant type in which the application’s tokenEndpointAuthMethod is set to PRIVATE_KEY_JWT, the token endpoint uses a JWT signed by an external private key file. For information about creating the JWT (signed by the private key file) and the claims in the JWT, refer to Create a private key JWT. Token requests that use this auth method require the client_assertion and client_assertion_type OAuth properties to specify the JWT.
Request Model
| Property | Type | Required? |
|---|---|---|
|
String |
Required |
|
String |
Required |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Required |
|
String |
Required |
|
String |
Required |
Refer to the OpenID Connect/OAuth2 data model for full property descriptions.
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{authPath}}/{{envID}}/as/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code={{authCode}}' \
--data-urlencode 'redirect_uri=https://www.google.com' \
--data-urlencode 'client_assertion={{privateKeyJWT}}' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer'var options = new RestClientOptions("{{authPath}}/{{envID}}/as/token")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("grant_type", "authorization_code");
request.AddParameter("code", "{{authCode}}");
request.AddParameter("redirect_uri", "https://www.google.com");
request.AddParameter("client_assertion", "{{privateKeyJWT}}");
request.AddParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{authPath}}/{{envID}}/as/token"
method := "POST"
payload := strings.NewReader("grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com&client_assertion=%7B%7BprivateKeyJWT%7D%7D&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer")
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /{{envID}}/as/token HTTP/1.1
Host: {{authPath}}
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com&client_assertion=%7B%7BprivateKeyJWT%7D%7D&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearerOkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "grant_type=authorization_code&code={{authCode}}&redirect_uri=https://www.google.com&client_assertion={{privateKeyJWT}}&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
Request request = new Request.Builder()
.url("{{authPath}}/{{envID}}/as/token")
.method("POST", body)
.addHeader("Content-Type", "application/x-www-form-urlencoded")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{authPath}}/{{envID}}/as/token",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data": {
"grant_type": "authorization_code",
"code": "{{authCode}}",
"redirect_uri": "https://www.google.com",
"client_assertion": "{{privateKeyJWT}}",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{authPath}}/{{envID}}/as/token',
'headers': {
'Content-Type': 'application/x-www-form-urlencoded'
},
form: {
'grant_type': 'authorization_code',
'code': '{{authCode}}',
'redirect_uri': 'https://www.google.com',
'client_assertion': '{{privateKeyJWT}}',
'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
url = "{{authPath}}/{{envID}}/as/token"
payload = 'grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com&client_assertion=%7B%7BprivateKeyJWT%7D%7D&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer'
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/token');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/x-www-form-urlencoded'
));
$request->addPostParameter(array(
'grant_type' => 'authorization_code',
'code' => '{{authCode}}',
'redirect_uri' => 'https://www.google.com',
'client_assertion' => '{{privateKeyJWT}}',
'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
));
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "net/http"
url = URI("{{authPath}}/{{envID}}/as/token")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com&client_assertion=%7B%7BprivateKeyJWT%7D%7D&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"
response = http.request(request)
puts response.read_bodylet parameters = "grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com&client_assertion=%7B%7BprivateKeyJWT%7D%7D&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/token")!,timeoutInterval: Double.infinity)
request.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()