
Used to obtain a new access token based on an authorization code.

Specifications

Request

POST https://{miljø}/sts/oidcprov/v3/token

Mutual TLS is required if the client is configured to require mTLS.

| Location | Name | Type | Description |
|---|---|---|---|
| Body | client_id | string | Required for public clients; not used for confidential clients. |
| Body | client_assertion_type | string | Required for confidential clients; must have the value "urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Asaml2-bearer". |
| Body | client_assertion | string | Required for confidential clients; not used for public clients. |
| Body | grant_type | string | Required; must have the value "authorization_code". |
| Body | code | string | Authorization code received from the /Authorize endpoint. |
| Body | code_verifier | string | The same value that was sent to the /par endpoint, but without the SHA-256 hash. |
| Body | redirect_uri | string | The same value that was sent to the /par endpoint. |
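An added example (not part of the original page or the provider's own code) showing how the request parameters fit together: the unhashed code_verifier goes to the token endpoint, and a request carries either client_id or the client assertion pair, never both. It assumes the /par request used the S256 transform from RFC 7636 (base64url of the SHA-256 digest); the function names and sample values are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Decoded form of the client_assertion_type value that the table lists percent-encoded.
SAML2_BEARER = "urn:ietf:params:oauth:client-assertion-type:saml2-bearer"


def new_code_verifier() -> str:
    """Random PKCE verifier: 32 random bytes -> 43 base64url characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()


def s256_challenge(code_verifier: str) -> str:
    """Hashed value sent earlier to /par (assumed S256 transform, RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def token_request_body(code, code_verifier, redirect_uri, *,
                       client_id=None, client_assertion=None) -> str:
    """Form-encoded body for the token request, following the parameter table."""
    if (client_id is None) == (client_assertion is None):
        raise ValueError("pass exactly one of client_id (public client) "
                         "or client_assertion (confidential client)")
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "code_verifier": code_verifier,  # unhashed; only the hash went to /par
        "redirect_uri": redirect_uri,    # must equal the value sent to /par
    }
    if client_id is not None:
        params["client_id"] = client_id
    else:
        params["client_assertion_type"] = SAML2_BEARER
        params["client_assertion"] = client_assertion
    # urlencode percent-encodes each value once. Passing the already encoded
    # "urn%3Aietf..." string here would double-encode it to "urn%253Aietf...".
    return urlencode(params)


if __name__ == "__main__":
    verifier = new_code_verifier()  # constructed sample values below
    print("code_challenge for /par:", s256_challenge(verifier))
    print(token_request_body("sample-code", verifier,
                             "https://client.example/callback",
                             client_id="sample-public-client"))
```
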

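Response - Successful

| Location | Name | Type | Description |
|---|---|---|---|
| Body | access_token | string | |
| Body | id_token | string | |
| Body | token_type | string | |
| Body | refresh_token | string | |
| Body | expires_in | int | |
| Body | scope | string | |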

Response - Failed

| Location | Name | Value |
|---|---|---|
| Body | error | |
| Body | error_description | |

Possible error codes

| HTTP status code | Error code | Description |
|---|---|---|
| 400 | invalid_request | The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed. |
| 400 | invalid_client | Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client. |
| 400 | invalid_grant | The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. |
| 400 | unauthorized_client | The authenticated client is not authorized to use this authorization grant type. |
| 400 | unsupported_grant_type | The authorization grant type is not supported by the authorization server. |
| 400 | invalid_scope | The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. |
| 503 | | The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. |