Authorization code variant
Description
Exchanges an authorization code for an access token.
Endpoint
/oauth/token
Method
POST
Parameters
grant_type
Must be "authorization_code" to emphasize that you are trying to exchange an authorization code.
client_id
The client id given during the client registration. Alternatively, this can be supplied using the Basic HTTP header with the client_id as username and client_secret as password.
client_secret
The client secret given during the client registration. Alternatively, this can be supplied using the Basic HTTP header with the client_id as username and client_secret as password.
authorization_code
The authorization code given in the query parameters of the /authorize endpoint redirect.
redirect_uri
The redirect location used for the authorization. This parameter is required if a redirect uri was given to the /authorization endpoint.
false
code_verifier
The code verifier of the PKCE. Required if a code_challenge was given to the /authorization endpoint.
false
Last updated