Authorization code variant

Description

Exchanges an authorization code for an access token.

Endpoint

/oauth/token

Method

POST

Parameters

Name
Description
Required

grant_type

Must be "authorization_code" to emphasize that you are trying to exchange an authorization code.

client_id

The client id given during the client registration. Alternatively, this can be supplied using the Basic HTTP header with the client_id as username and client_secret as password.

client_secret

The client secret given during the client registration. Alternatively, this can be supplied using the Basic HTTP header with the client_id as username and client_secret as password.

authorization_code

The authorization code given in the query parameters of the /authorize endpoint redirect.

redirect_uri

The redirect location used for the authorization. This parameter is required if a redirect uri was given to the /authorization endpoint.

false

code_verifier

The code verifier of the PKCE. Required if a code_challenge was given to the /authorization endpoint.

false

Last updated