Get Token by ROPC
POST /oauth/token
Basic Authorization (retrieve credentials from OAuth Application)
- Username: OAuth Client ID
- Password: OAuth Client Secret
- HTTP header:
Authorization: Basic base64(client_id:client_secret)
Headers
Content-Type: application/json
Request Body
| Key | Type | Required | Rule | Description |
|---|---|---|---|---|
| grant_type | string | Mandatory | must be password | OAuth grant type |
| username | string | Mandatory | User's login identifier (email/phone) | |
| password | string | Mandatory | User's password |
Expected HTTP status code
- 200
Response
| Name | Type | Description |
|---|---|---|
| access_token | string | Bearer access token |
| token_type | string | Always Bearer |
| expires_in | number | Token lifetime in seconds |
| refresh_token | string | Refresh token |
Error
| Code | error | error_description |
|---|---|---|
400 | invalid_grant | invalid grant type |
400 | invalid_grant | Invalid username or password |
400 | invalid_grant | Multi-factor authentication required |