GetTokenForAuthGrantTypeRequest

Description not available

Properties

string
grant_type Required

The grant type as per OAuth2 specification.

Possible values are: authorization_coderefresh_tokenclient_credentialspasswordclient_delegate


integer as int32
accessTokenValiditySeconds Optional

The validity in seconds for the access token. If a value lower than the client’s accessTokenValiditySeconds is provided, the provided accessTokenValiditySeconds value will be used. Else if an invalid value, a value higher than the client’s accessTokenValiditySeconds, or no value is provided, then the client’s accessTokenValiditySeconds will be used. For example if the client’s default accessTokenValiditySeconds is 5 minutes ie 300 seconds, to get a token with only one minute validity provide accessTokenValiditySeconds as 60


string
code_verifier Optional

A high-entropy cryptographic random key using the characters [A-Z] / [a-z] / [0-9] / ‘-’ / ‘.’ / ‘_’ / ‘~’ with a minimum length of 43 characters and a maximum length of 128 characters which was used to generate ‘code_challenge’ and obtain the authorization code. Required if PKCE was used in the authorization code grant request. For more information, refer the PKCE RFC at https://tools.ietf.org/html/rfc7636


string
code Optional

Auth code parameter. Mandatory for grant_type ‘authorization_code’


integer as int32
maxGroupsInIdToken Optional

The maximum number of groups allowed in the ID token. If the value provided is lower than the client’s registered ‘maxGroupsInIdToken’, the provided value will be used, else if an invalid value, a value higher than the client’s ‘maxGroupsInIdToken’, or no value is provided, then the client’s ‘maxGroupsInIdToken’ will be used. This is only relevant if the client has registered groups related scopes such as ‘group_names’, ‘group_ids’, ‘grpn://…’ or ‘grpid://…’.


string
orgId Optional

Organization ID. Available for grant_type ‘client_credentials’, ‘password’


string
password Optional

The password of the user for whom the token should be returned. Mandatory and available for grant_type ‘password’


string
redirect_uri Optional

Service redirect uri. Mandatory for grant_type ‘authorization_code’


integer as int32
refreshTokenValiditySeconds Optional

The validity in seconds for the refresh token. If a value lower than the client’s refreshTokenValiditySeconds is provided, the provided refreshTokenValiditySeconds value will be used. Else if an invalid value, a value higher than the client’s refreshTokenValiditySeconds, or no value is provided, then the client’s refreshTokenValiditySeconds will be used. For example if the client’s default refreshTokenValiditySeconds is 30 minutes ie 1800 seconds, to get a token with one hour validity provide refreshTokenValiditySeconds as 3600


string
refresh_token Optional

Refresh token parameter. Available for grant_type ‘refresh_token’


string
scope Optional

The list of scopes separated by a space and is URL encoded. Scope parameter can be used to request different scopes. The requested scope must not include any scope not originally granted. If omitted, the returned scopes will be the ones originally granted.


string
subject_token Optional

Required if the grant_type is ‘client_delegate’. A security token that represents the identity of the party on behalf of whom the request is being made. In client_delegate flow, the token provided MUST BE the access token of the user.


string
subject_token_type Optional

Required if the grant_type is ‘client_delegate’. The identifier for the subject token provided as per RFC 8693 https://tools.ietf.org/html/rfc8693#section-3 In ‘client_delegate’ flow, this value MUST BE ‘urn:ietf:params:oauth:token-type:access_token’


string
username Optional

The username value corresponds to the value used when login to the system. Mandatory and available for grant_type ‘password’

JSON Example

{
    "grant_type": "string"
}
Feedback

Was this page helpful?