This API has a deprecated equivalent from v7.0U1.
Issue Token
Provides a token endpoint as defined in RFC 6749. Supported grant types:
- urn:ietf:params:oauth:grant-type:token-exchange - Exchanges incoming token based on the spec and current client authorization data.
This operation supercedes com.vmware.vcenter.tokenservice.TokenExchange#exchange. The REST rendering of the newer operation matches RFC8693’s definition for both input and output of the operation.
Request
URLURL
https://{api_host}/api/vcenter/authentication/token
Header Parameters
Header Parameters
string
vmware-api-session-id
Required
Required session ID, obtained by first calling Create Session API
Request Body
Request Body
AuthenticationTokenIssueSpec of mimetype application/x-www-form-urlencoded
Required
Token.IssueSpec structure containing arguments that define the exchange process. The Token.IssueSpec structure contains arguments required for token exchange.
(The request body parameter is missing description)
Response
Response
Response BodyResponse Body
200 OK returns
Oauth2TokenInfo of type application/json
TokenInfo structure that contains a newly issued token.
{
"access_token": "string",
"expires_in": 0,
"issued_token_type": "string",
"refresh_token": "string",
"scope": "string",
"token_type": "string"
}
string
access_token
Required
The access token issued by the authorization server.
string
token_type
Required
A case-insensitive value specifying the method of using the access token issued.
integer
expires_in
Optional
The validity lifetime, in seconds, of the token issued by the server. unset if not applicable for issued token.
string
issued_token_type
Optional
An identifier which indicates the type of the access token in the TokenInfo.access-token field. unset if not the result of a token-exchange invocation; otherwise, required.
string
refresh_token
Optional
The refresh token, which can be used to obtain new access tokens. unset if not applicable to the specific request.
string
scope
Optional
Scope of the issued access token. The value of the scope parameter is expressed as a list of space- delimited, case-sensitive strings. The strings are defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope. unset if the scope of the issued security token is identical to the scope requested by the client.
cURL Command
curl -X POST -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" -H "Content-Type: application/x-www-form-urlencoded" -d '{"actor_token":"string","actor_token_type":"string","audience":"string","grant_type":"string","requested_token_type":"string","resource":"string","scope":"string","subject_token":"string","subject_token_type":"string"}' https://{api_host}/api/vcenter/authentication/token
Errors
400
com.vmware.vcenter.oauth2.errors.invalid_request : if Token.IssueSpec is missing a required field, includes an unsupported field value (other than Token.IssueSpec.grant-type). | com.vmware.vcenter.oauth2.errors.invalid_grant : provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. | com.vmware.vcenter.oauth2.errors.invalid_scope : If the server is unwilling or unable to issue a token for all the target services indicated by the Token.IssueSpec.resource or Token.IssueSpec.audience fields.
Availability
Added in 7.0U2
