Step 10: Get the access token
POST {{authPath}}/{{envID}}/as/token
The token endpoint is used by the client to obtain an access token by presenting the client's authorization grant. For authorization_code grants, the application calls the POST /{{envID}}/as/token endpoint to acquire the access token. To use a JWT to authenticate the request, you must include the client_assertion and client_assertion_type properties.
The request body includes these properties:
grant_type
A string that specifies the grant type of the token request. In this example, the value is authorization_code.
code
A string that specifies the authorization code value returned by the authorization request.
redirect_uri
A string that specifies the URL that is the return entry point of the application.
scope
A string that specifies the permissions requested for the access token.
client_assertion
A string that specifies the JWT, signed with the client secret, that authenticates the token request.
client_assertion_type
A string that specifies the client assertion type. The value of this property must be set to urn:ietf:params:oauth:client-assertion-type:jwt-bearer.
Note: The client_assertion property for this request requires a JWT signed with the client secret to authenticate. If you use the Qodex collection to run this workflow, there is a Qodex Pre-req script that creates the JWT for you and signs it using the application secret returned in Step 2. If you prefer to create your own JWT, see Create a client secret JWT for more information.
The response data contains the access token and the ID token.
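The client_assertion from the note above, built by hand and then checked the way a receiving token endpoint would check it. This is an added example, not the Qodex Pre-req script or PingOne code. It assumes HS256 as the HMAC algorithm and the RFC 7523 claim set (iss, sub, aud, exp, jti); the function names and sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, client_secret: str) -> str:
    mac = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256)
    return _b64url(mac.digest())

def make_client_assertion(client_id, client_secret, token_url, now=None, lifetime=300):
    """Build the client_assertion JWT (HS256 assumed; claims follow RFC 7523)."""
    now = int(time.time()) if now is None else now
    claims = {"iss": client_id, "sub": client_id, "aud": token_url,
              "iat": now, "exp": now + lifetime,   # short lifetime limits the replay window
              "jti": secrets.token_urlsafe(16)}    # unique ID so a server can reject replays
    parts = [_b64url(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + _sign(signing_input, client_secret)

def check_client_assertion(token, client_id, client_secret, token_url, now=None):
    """Checks a receiving endpoint applies; returns the claims or raises ValueError."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64url_decode(head)), json.loads(_b64url_decode(body))
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed assertion") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict) or header.get("alg") != "HS256":
        raise ValueError("malformed header or unexpected alg")  # pin alg, never trust the header
    if not hmac.compare_digest(sig.encode(), _sign(f"{head}.{body}", client_secret).encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != token_url or not (claims.get("iss") == claims.get("sub") == client_id):
        raise ValueError("wrong audience, issuer or subject")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    return claims

def token_request_body(auth_code, redirect_uri, assertion):
    """Form-encoded body for POST .../as/token with the properties listed above."""
    return urlencode({"grant_type": "authorization_code", "code": auth_code,
                      "redirect_uri": redirect_uri, "scope": "openid",
                      "client_assertion": assertion, "client_assertion_type": ASSERTION_TYPE})
```

Because the signing key is the shared client secret, anyone who holds the secret can mint a valid assertion, so the secret needs the same protection as a password.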
Request Body
Name | Value | Datatype |
---|---|---|
grant_type | authorization_code | string |
code | {{authCode}} | string |
redirect_uri | https://www.example.com | string |
scope | openid | string |
client_assertion | {{jwt_signed}} | string |
client_assertion_type | urn:ietf:params:oauth:client-assertion-type:jwt-bearer | string |
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string |