Simple implementation of Okta oauth2 /token endpoint. See https://developer.okta.com/docs/api/resources/oidc#token for the original api reference.
This endpoint only supports authorization_code grant type, and will only return the access_token in the response.
POST ${baseUrl}/v1/token
| Parameter | Description | Type |
|---|---|---|
| code | Required, is what was returned from the authorization endpoint. The code has a lifetime of 60 seconds. | String |
| client_id | Required | String |
| client_secret | Required, This client secret is used in conjunction with client_id to authenticate the client application. | |
| grant_type | Required, Can only be authorization_code. | String |
| Property | Description | Type |
|---|---|---|
| access_token | An access token. length of 11, starting with tdd |
String |
| Error Id | Details |
|---|---|
| invalid_client (401) | The specified client id wasn’t found. |
| invalid_grant (401) | The code, refresh_token, or username and password combination is invalid, or the redirect_uri does not match the one used in the authorization request. |
| invalid_request (400) | The request structure was invalid.eg, mandatory fields are not passed, etc |
| unsupported_grant_type (400) | The grant_type isn’t authorization_code |
{
"access_token" : "tddc567aed3"
}
HTTP 401 Unauthorized
Content-Type: application/json;charset=UTF-8
{
"error" : "invalid_client",
"error_description" : "No client credentials found."
}