Token Endpoint¶
The token endpoint can be used to programmatically request tokens.
It supports the password, authorization_code, client_credentials, refresh_token and urn:ietf:params:oauth:grant-type:device_code grant types.
Furthermore the token endpoint can be extended to support extension grant types.
Note
IdentityServer supports a subset of the OpenID Connect and OAuth 2.0 token request parameters. For a full list, see here.
client_idclient identifier (required – Either in the body or as part of the authorization header.)
client_secretclient secret either in the post body, or as a basic authentication header. Optional.
grant_typeauthorization_code,client_credentials,password,refresh_token,urn:ietf:params:oauth:grant-type:device_codeor customscopeone or more registered scopes. If not specified, a token for all explicitly allowed scopes will be issued.
redirect_urirequired for the
authorization_codegrant typecodethe authorization code (required for
authorization_codegrant type)code_verifierPKCE proof key
usernameresource owner username (required for
passwordgrant type)passwordresource owner password (required for
passwordgrant type)acr_valuesallows passing in additional authentication related information for the
passwordgrant type - identityserver special cases the following proprietary acr_values:idp:name_of_idpbypasses the login/home realm screen and forwards the user directly to the selected identity provider (if allowed per client configuration)tenant:name_of_tenantcan be used to pass a tenant name to the token endpointrefresh_tokenthe refresh token (required for
refresh_tokengrant type)device_codethe device code (required for
urn:ietf:params:oauth:grant-type:device_codegrant type)
Example¶
POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded
client_id=client1&
client_secret=secret&
grant_type=authorization_code&
code=hdh922&
redirect_uri=https://myapp.com/callback
(Form-encoding removed and line breaks added for readability)
Note
You can use the IdentityModel client library to programmatically access the token endpoint from .NET code. For more information check the IdentityModel docs.