This policy is used to create a Token endpoint project to generate access tokens. The token endpoint API is used by the client to obtain an access token by presenting its authorization grant or refresh token along with valid credentials.
In case of Client Credentials, grant type request only credentials are sufficient to obtain an access token. In general, one instance of Token end point API project is sufficient for entire API Management Product.
Configuration
Figure 2: OAuth Token End Policy Configuration attributes
The property that has to be configured to use the policy is described below.
Property | Description |
---|---|
Access Token Expiry Time | Provide required expiry time to the generated access token |
The Request for OAuth Token End Point has to be constructed with the following parameters using POST
If the grant type is Authorization Code:
query parameters:
- grant_type: This parameter is REQUIRED. The value MUST be set to "authorization_code".
form-urlencoded parameters:
- code: This parameter is REQUIRED. The authorization code received from the authorization server.
- client_id: This parameter is REQUIRED. Specify consumer key generated in client subscription.
If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token.
If the grant type is Resource Owner Password Credentials:
query parameters:
- grant_type: This parameter is REQUIRED. The value MUST be set to "password".
form-urlencoded parameters:
- username: This parameter is REQUIRED The resource owner username.
- password: This parameter is REQUIRED. The resource owner password.
If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token.
If the grant type is Client Credentials:
- grant_type: This parameter is REQUIRED. The value MUST be set to "client_credentials".
form-urlencoded parameters:
- client_id: This parameter is REQUIRED. Specify consumer key generated in client subscription.
- client_secret: This parameter is REQUIRED. Specify consumer secret generated in client subscription.