Contents

Popular

This policy is used to create a Token endpoint project to generate access tokens. The token endpoint API is used by the client to obtain an access token by presenting its authorization grant or refresh token along with valid credentials.

In case of Client Credentials, grant type request only credentials are sufficient to obtain an access token. In general, one instance of Token end point API project is sufficient for entire API Management Product.

Configuration


Figure 2: OAuth Token End Policy Configuration attributes

The property that has to be configured to use the policy is described below.

PropertyDescription
Access Token Expiry TimeProvide required expiry time to the generated access token
Icon

This policy is used with every authorization grant except for the implicit grant type (since an access token is issued directly).

The Request for OAuth Token End Point has to be constructed with the following parameters using POST 

If the grant type is Authorization Code:

query parameters:

  • grant_type: This parameter is REQUIRED. The value MUST be set to "authorization_code".

form-urlencoded parameters:

  • code: This parameter is REQUIRED. The authorization code received from the authorization server.
  • client_id: This parameter is REQUIRED. Specify consumer key generated in client subscription.

If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token.

If the grant type is Resource Owner Password Credentials:

query parameters:

  • grant_type: This parameter is REQUIRED. The value MUST be set to "password".

form-urlencoded parameters:

  • username: This parameter is REQUIRED The resource owner username.
  • password: This parameter is REQUIRED. The resource owner password.

If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token.

If the grant type is Client Credentials:

  • grant_type: This parameter is REQUIRED. The value MUST be set to "client_credentials".

form-urlencoded parameters:

  • client_id: This parameter is REQUIRED. Specify consumer key generated in client subscription.
  • client_secret: This parameter is REQUIRED. Specify consumer secret generated in client subscription.


Adaptavist ThemeBuilder EngineAtlassian Confluence