exchange a grant code or refresh token for a JWT

POST /oauth/token

This allows the client to exchange a previously obtained grant code or refresh token for an access token for immediate use and a refresh token for subsequent requests.

It may return an updated refresh token, in which case the stored refresh token should be updated.

The redirect URI must be set to urn:ietf:wg:oauth:2.0:oob:auto

When exchanging a grant code from the authorize endpoint:

  • set grant_type to authorization_code
  • set code to the code returned by the authorize endpoint

When refreshing a token:

  • set grant_type to refresh_token
  • set refresh_token to the previously obtained refresh token
Security
API Key
Header parameter name: x-api-key
API Key
Header parameter name: x-dressipi-jwt

The JWT for the user

Body parameters
object
redirect_uri
string Required
Valid values: [ "urn:ietf:wg:oauth:2.0:oob:auto" ]
grant_type
string Required
Valid values: [ "authorization_code", "refresh_token" ]
code
string

The authorization_code previously obtained

refresh_token
string

The refresh_token previously obtained

client_id
string Required

The API client ID supplied by Dressipi

code_verifier
string

For authorization_code requests, the code_verifier that was used to generate the associated code_challenge

Responses
200

The generated tokens

object

access_token
string

The access token for the user

Example: eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NzE5OTQ2NzIsImlhdCI6MTU3MTkwODI3Miwic3ViIjoiOTQxNzMifQ.mb3ur-cCDbApKU1j24SkjgR7AjLNGQ2pHkJdpfKtY28
refresh_token
string

The refresh token for the user

Example: WzEsWzk0MTczXSwiaGF5ZFJDalRqX1R6RlhzQnlrnXoiLCIxNTcx1TA4MjcyLjM4NDM0NCJd--df2b0e0d9fc63bf536ba2bb807ec7b0d127145ba
expires_in
integer (int32)

The lifetime of the token, in seconds

Example: 86400
token_type
string

The access_token type (this will always be Bearer)

Example: Bearer
400

OAuth2 error

object

Generic OAuth error object

error
string

The error code (one of the error codes defined by https://tools.ietf.org/html/rfc6749#section-4.1)

Example: invalid_request
error_description
string

A human readable description of the error
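
Added example (not Dressipi's code): building the request body for both grant types and applying the response body, including the refresh token update described above. The S256 challenge derivation (RFC 7636), the dict-based token store, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import secrets
import time

REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob:auto"  # the only valid value on this page


def new_code_verifier():
    # 48 random bytes -> 64 URL-safe characters (RFC 7636 allows 43-128).
    return secrets.token_urlsafe(48)


def code_challenge(verifier):
    # Assumption: S256 method from RFC 7636; the page does not name the method.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_token_body(client_id, *, code=None, code_verifier=None, refresh_token=None):
    """Body for POST /oauth/token, for exactly one of the two grant types."""
    if (code is None) == (refresh_token is None):
        raise ValueError("supply exactly one of code or refresh_token")
    body = {"client_id": client_id, "redirect_uri": REDIRECT_URI}
    if code is not None:
        body.update(grant_type="authorization_code", code=code)
        if code_verifier is not None:
            body["code_verifier"] = code_verifier
    elif code_verifier is not None:
        raise ValueError("code_verifier only applies to authorization_code")
    else:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    return body


def apply_token_response(store, response, now=None):
    """Apply a 200 body to a token store (a plain dict, hypothetical); raise on a 400 body."""
    if "error" in response:
        raise RuntimeError(f"{response['error']}: {response.get('error_description', '')}")
    if response.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    store["access_token"] = response["access_token"]
    store["expires_at"] = now + int(response["expires_in"])
    # The endpoint may return an updated refresh token: replace the stored one
    # when it does, keep the existing one when it does not.
    if response.get("refresh_token"):
        store["refresh_token"] = response["refresh_token"]
    return store
```

Keep the code_verifier in memory only for the duration of the authorization flow, and persist the refresh token in whatever secret storage the client platform provides rather than in plain configuration.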

