Access Token Request
Issue a POST to /idp/profile/oauth2/token using the application/x-www-form-urlencoded format with a character encoding of UTF-8 and the following parameters in the request body:
Parameter | Type | Description |
|---|---|---|
grant_type | String required | " |
code | string required | The value of the "code" parameter from the previous response. |
redirect_uri | string required | Your registered callback URL. Must match exactly the value used in the previous request |
client_id | string optional | Your Client ID. This is required if HTTP Basic Authentication is not used. |
client_secret | string optional | Your Client Secret. This is required if HTTP Basic Authentication is not used. |
As shown in the parameter table, HTTP Basic Authentication may be used instead of providing client_id and client_secret as request parameters.
In that case, the Client ID should be used as the username and the Client Secret should be used as the password.
If possible, the use of HTTP Basic Authentication is preferred.