This API is used as an OAuth2 provider for implicit client credentials.
- PCF Deployment Reference (TW): XP-D-IssDvcAdmin-Oauth2-IMPLTOK-DGL-EA-TW
- PCF Deployment Reference (GC): XP-D-IssDvcAdmin-Oauth2-IMPLTOK-DGL-EA
- PCF Deployment Reference (EM): XP-D-IssDvcAdmin-Oauth2-IMPLTOK-DGL-EA-EM
Tags:
- Phase›Realized
Custom Gateway API Endpoint
Paths
/oauth2/token
Request Access Tokens
This endpoint allows requesting an access token following one of the flows below:
- Authorization Code (exchange code for access token)
- Client Credentials (2-legged, there is no resource owner information)
- Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
- Refresh Token (exchange refresh token for a new access token)
The table below indicates the required parameters for each grant_type option. Empty cells indicate that a parameter is ignored for that grant type.
Client authentication:
- Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter.
- Public clients should send their client_id as formData parameter.
grant_type | code | client_credentials | password | refresh_token |
---|---|---|---|---|
client_id | required | required | required | required |
client_secret | required | required | required | required |
code | required | | | |
redirect_uri | required | | | |
username | | | required | |
password | | | required | |
scope | | optional | optional | |
refresh_token | | | | required |
For implicit grant requests, see /oauth2/authorize.
Type of grant
{
  "enum": [
    "authorization_code",
    "password",
    "client_credentials",
    "refresh_token"
  ]
}
Application client ID, can be provided in formData or using HTTP Basic Authentication
Application secret, must be provided in formData or using HTTP Basic Authentication
Authorization code provided by the /oauth2/authorize endpoint
Required only if the redirect_uri parameter was included in the authorization request to /oauth2/authorize; the two values MUST be identical.
Resource owner username
Resource owner password
Scope being requested
The refresh token that the client wants to exchange for a new access token (refresh_token grant_type)
JSON document containing token, etc.
JSON document that may contain additional details about the failure
/oauth2/introspect
Introspect a given access_token supported
This endpoint introspects a given access_token
String value of the access_token to be introspected
This must contain 'access_token' to indicate the token type
JSON document containing access_token information, etc.
failure
Definitions
{
  "type": "object",
  "additionalProperties": false,
  "required": [
    "token_type",
    "access_token",
    "expires_in"
  ],
  "properties": {
    "token_type": {
      "enum": [
        "bearer"
      ]
    },
    "access_token": {
      "type": "string"
    },
    "expires_in": {
      "type": "integer"
    },
    "scope": {
      "type": "string"
    },
    "refresh_token": {
      "type": "string"
    }
  }
}
{
  "type": "object",
  "additionalProperties": false,
  "required": [
    "active",
    "client_id",
    "client_name",
    "username",
    "sub",
    "exp",
    "expstr",
    "iat",
    "nbf",
    "nbfstr",
    "scope"
  ],
  "properties": {
    "active": {
      "type": "boolean"
    },
    "client_id": {
      "type": "string"
    },
    "client_name": {
      "type": "string"
    },
    "username": {
      "type": "string"
    },
    "sub": {
      "type": "string"
    },
    "exp": {
      "type": "string"
    },
    "expstr": {
      "type": "string"
    },
    "iat": {
      "type": "string"
    },
    "nbf": {
      "type": "string"
    },
    "nbfstr": {
      "type": "string"
    },
    "scope": {
      "type": "string"
    },
    "miscinfo": {
      "type": "string"
    },
    "consented_on": {
      "type": "string"
    },
    "consented_on_str": {
      "type": "string"
    },
    "grant_type": {
      "type": "string"
    }
  }
}
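
A resource server that calls /oauth2/introspect should check the response against the schema above before trusting the token. The Python check below is an added example, not part of this API's documentation or code; the name check_introspection and the sample values are hypothetical, and it assumes that exp and nbf hold Unix epoch seconds as decimal strings and that scope is space-delimited, neither of which the page states.

```python
import time

# Field lists copied from the introspection response schema on this page.
REQUIRED = ("active", "client_id", "client_name", "username", "sub",
            "exp", "expstr", "iat", "nbf", "nbfstr", "scope")
OPTIONAL = ("miscinfo", "consented_on", "consented_on_str", "grant_type")


def check_introspection(doc, needed_scope, now=None):
    """Return (accepted, reason) for a parsed /oauth2/introspect response."""
    now = time.time() if now is None else now
    if not isinstance(doc, dict):
        return False, "response is not a JSON object"
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        return False, "missing required field: " + missing[0]
    extra = sorted(set(doc) - set(REQUIRED) - set(OPTIONAL))
    if extra:  # schema sets additionalProperties to false
        return False, "unexpected field: " + extra[0]
    if doc["active"] is not True:  # must be the boolean, not "true" or 1
        return False, "token is not active"
    for key in REQUIRED[1:] + OPTIONAL:
        if key in doc and not isinstance(doc[key], str):
            return False, key + " is not a string"
    try:
        # Assumption: exp and nbf carry Unix epoch seconds as decimal strings.
        exp, nbf = int(doc["exp"]), int(doc["nbf"])
    except ValueError:
        return False, "exp or nbf is not numeric"
    if now < nbf:
        return False, "token not yet valid"
    if now >= exp:
        return False, "token expired"
    # Assumption: scope is a space-delimited list, as in RFC 6749.
    if needed_scope not in doc["scope"].split():
        return False, "scope not granted"
    return True, "ok"


# Constructed sample response, not captured from the real service.
SAMPLE = {
    "active": True, "client_id": "example-client", "client_name": "Example App",
    "username": "alice", "sub": "alice", "exp": "1700003600",
    "expstr": "2023-11-14T23:13:20Z", "iat": "1700000000", "nbf": "1700000000",
    "nbfstr": "2023-11-14T22:13:20Z", "scope": "accounts.read cards.read",
}
```

The check fails closed: any schema mismatch, a non-boolean active value, or a time outside the nbf/exp window rejects the token.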