Authorization code variant
Description
Exchanges an authorization code for an access token.
Endpoint
/oauth/token
Method
POST

Parameters

Name
Description
Required
grant_type
Must be 'authorization_code' to emphasize that you are trying to exchange an authorization code.
​
client_id
The client id given during the client registration. Alternatively, this can be supplied using the Basic HTTP header with the client_id as username and client_secret as password.
​
client_secret
The client secret given during the client registration. Alternatively, this can be supplied using the Basic HTTP header with the client_id as username and client_secret as password.
​
authorization_code
The authorization code given in the query parameters of the /authorize endpoint redirect
​
redirect_uri
The redirect location used for the authorization. This parameter is required if a redirect uri was given to the /authorization endpoint.
false
code_verifier
The code verifier of the PKCE. Required if a code_challenge was given to the /authorization endpoint.
false
Copy link