POST

https://{customer_name}.login.fabric.inc

/
oauth2
/
{authServerId}
/
v1
/
token
curl --request POST \
  --url https://{customer_name}.login.fabric.inc/oauth2/{authServerId}/v1/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data client_id=0oa3asajdykUunEjL697 \
  --data client_secret=J88GlXYuhrStpCHNC22hSqGRFe_kQuESkteFTJPJ \
  --data redirect_uri=http://localhost:8080 \
  --data grant_type=client_credentials \
  --data code_verifier=3bc9ba27fbd3eea9a3a6223edd2a7b5c2d30e183361 \
  --data code=of5rhPdL5xAyp9fCvB4KaMSv_4RveYP5R9RugT0j7Eo \
  --data scope=s2s
{
  "token_type": "Bearer",
  "expires_in": 600,
  "access_token": "eyJraWQiOiJGRkYtaDJDdDlTXzFqTTFlQUpfdlc1WkJFZmJYRkRBbUlDdGJsTEdMMjBnIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULm54M05TR1FrWDhhVHpQU29xUC1BU0pYTTBjYmJQUVVQdzRrNV96VE5ITk0ub2FycXdpNGEyN3pYSFhHT1UxZDYiLCJpc3MiOiJodHRwczovL3Rlc3Q2LmxvZ2luLWRldi5mYWJyaWMuaW5jL29hdXRoMi9kZWZhdWx0IiwiYXVkIjoiYXBpOi8vZGVmYXVsdCIsImlhdCI6MTY4NDQwOTk2OSwiZXhwIjoxNjg0NDEzNTY5LCJjaWQiOiIwb2E3OXg1MjNlVjNvN1hRSjFkNyIsInVpZCI6IjAwdTdtN3ZvbDc3clE5MlNCMWQ3Iiwic2NwIjpbIm9mZmxpbmVfYWNjZXNzIiwiZW1haWwiLCJvcGVuaWQiXSwiYXV0aF90aW1lIjoxNjg0NDA5OTY5LCJzdWIiOiJwYXQudGVzdDIyMjNAZXhhbXBsZS5jb20iLCJmYWJyaWNVc2VySWQiOiIxMWIzNTIyZC0xMDk5LTQyNGMtYWFlOS0xZTg2MTAxYTIyMmEiLCJ1c2VyUG9vbFR5cGUiOiJjdXN0b21lciIsImFjY291bnRzIjoie1wiNjBjOTE3NTBmYThkM2UwMDA4NTRlOGVhXCI6e1wicm9sZXNcIjpbXCJkZGQwN2UwNS1iZTdhLTQ2MTAtYjhjNC0yMGRmZDJmODhkMzhcIl0sXCJpZFwiOlwiNjBjOTE3NTBmYThkM2UwMDA4NTRlOGVhXCIsXCJuYW1lXCI6XCJ0ZXN0NlwiLFwidGVuYW50SWRcIjpcIjYwYzkxNzUwZmE4ZDNlMDAwODU0ZThlYVwiLFwibG9nb1VybFwiOm51bGx9fSIsImlkZW50aXR5VmVyc2lvbiI6InYyIn0.NxElKcQ-VzYUgn10x8wMgV1CgpF3FRMiCGpvD7W3s2G2wKesFYkhLo6F9HHl4Y0M-u4mObGZR83CV58bO1GvcBh7DIW-lV8S-_k64qAK4WfFWtpQSETMZfmcZ6ouD9fOGGu-RajQe_QbDAoAN1MxdQPpR7R7ZWCX5XCdnrQOJq_j_7HKV_g9HrqEq7yi5fwKENsqirYUQDRa0uLeXu9_-VMBkP-10HmlWqE0e21X8gVMsGpaZ6ppm2oLP6y8idQXA-h9sUygFyXyDk04OGPK3C0Haysuc8w5Fb9KSQ-YzkCwInC0VVLjougKL5P_NSBZEqluBHEHIdkyk6aR8ZX3iA",
  "id_token": "eyJraWQiOiJGRkYtaDJDdDlTXzFqTTFlQUpfdlc1WkJFZmJYRkRBbUlDdGJsTEdMMjBnIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHU3bTd2b2w3N3JROTJTQjFkNyIsImVtYWlsIjoicGF0LnRlc3QyMjIzQGV4YW1wbGUuY29tIiwidmVyIjoxLCJpc3MiOiJodHRwczovL3Rlc3Q2LmxvZ2luLWRldi5mYWJyaWMuaW5jL29hdXRoMi9kZWZhdWx0IiwiYXVkIjoiMG9hNzl4NTIzZVYzbzdYUUoxZDciLCJpYXQiOjE2ODQ0MDk5NjksImV4cCI6MTY4NDQxMzU2OSwianRpIjoiSUQuRHNuMkhjUl83Z29GLVlOV3h5RW80TXZRcFRGQjYtNkJuYzRjX3h2SlE4OCIsImFtciI6WyJwd2QiXSwiaWRwIjoiMDBvNXlia2Fmb3U4N3lsTDMxZDciLCJhdXRoX3RpbWUiOjE2ODQ0MDk5NjksImF0X2hhc2giOiJGWktvRG5ZQmFfZnBraEgybzd5bXF3In0.CFNMcmVu9-PAlI3XkqdWXaxIDoZlFkzEFz1dtUdsMbVs47VmOCNAyngAXoPm0a9JFbFkPtw2zQt-nbrIq4Wb8v_MwmIW8s1OO87DXzvPYfW5zGZ7-tJDv0LfbSHp9epnRU7kiZSh5Dg9Uj4LQK6D1sfAIk9NRqPYl2TFapva_0hNTyRGVXlp0hWrZkdBplL1R8aX18dzrbMOuiniLOnfff5KyW7tS7dB9RYLN1uuQYB6dX9QpR5Lxf8I8Hjv3IjC_JXfltzi5hni4i-t36my6d20P-P45H9LYbN1u8T6hTkYA017FJBVWOsFYSh4vZxLlS-3nyMr3rnVpTewRVsTOw",
  "scope": "openid profile email"
}

Headers

Authorization
string

Required for userapp with authorization code flow without PKCE and for sysapp. Basic authorization header should be created using the client ID and client secret of the userapp or sysapp. The value should be derived as Basic base64encode(client_id:client_secret). Refer to https://datatracker.ietf.org/doc/html/rfc2617#section-2 for additional info.

Path Parameters

authServerId
string
required

Use default for userapp flows. For sysapp, use the tenant-specific server ID provided by fabric Identity (see Getting Started).

Body

application/x-www-form-urlencoded
client_id
string

Required only for userapp and authorization code flow with PKCE.

client_secret
string

Required only for userapp and authorization code flow with PKCE.

redirect_uri
string

Required for userapp with both authorization code flow with and without PKCE. URL encoded redirect_uri sent by the userapp in the previous /authorize call.

grant_type
enum<string>
required

Required for all authentication flows and app types. Set to authorization_code for userapp (for both authorization code flow with and without PKCE). Set to client_credentials when using for sysapp.

Available options:
authorization_code,
client_credentials
code_verifier
string

Required only for userapp and authorization code flow with PKCE. Code verifier using for deriving the code_challenge sent in the /authorize call. Refer to https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 for more details

code
string

Required for userapp with both authorization code flow with and without PKCE. <br /> Authorization code received as part of the callback response to the /authorize call.

scope
string
default: s2s

Required only for sysapp. Value should always be set to s2s.

Response

200 - application/json
token_type
string

Will always be set to Bearer

expires_in
number

Describes the time in seconds in which the issued access token expires

access_token
string

The access token issued for the logged in user or the app itself. This access token should be used as a bearer token in the Authorization header of subsequent fabric API calls.

id_token
string

This token certifies that the user or app was indeed authenticated successfully. However, this token is not to be used when invoking fabric APIs, use access token instead.

scope
string

Always set to "openid profile email" as part of the OpenID Connect standard.

Was this page helpful?

OverviewAuthorize `userapp` with and without PKCE