POST https:///OAuth2/Token
- The client calls this endpoint to exchange the access code for an access token, passing the full redirect URI in the redirect_uri parameter using form serialization.
- The access code is specified in the URI's code query parameter, and grant_type is set to authorization_code.
- The response parameters vary depending on the grant_type.
- See the OAuth2 spec: https://oauth.net/2/

| Flow Types | Grant_Type | OAuth App (response) | OIDC App (response) | Remarks (only for OIDC) |
|---|---|---|---|---|
| Resource Owner Password Grant | password | access token | NA | |
| Client Credentials | client_credentials | access token | NA | |
| Authorization code flow | code / authorization_code | access token | access token, id_token | Scope openid is mandatory |
| Authorization Code with PKCE | code / authorization_code | access token | access token, id_token | Scope openid is mandatory |
| | refresh_token | access token | id_token | Scope openid is mandatory |
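
The exchange described above, as an added example that is not from the original page or the product's own code: it takes the code from the callback URI's `code` query parameter, form-serializes the request body, and checks the response against the authorization code rows of the table. It assumes the RFC 6749 section 4.1.3 body layout (`code` sent as its own form field beside `redirect_uri`) and the standard `access_token` response field; the function names, `ExchangeError` and the sample URIs are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


class ExchangeError(ValueError):
    """Callback or token response is not usable (name is illustrative)."""


def build_token_body(callback_uri: str, redirect_uri: str) -> str:
    """Form-serialize the authorization_code exchange for POST .../OAuth2/Token."""
    cb, reg = urlsplit(callback_uri), urlsplit(redirect_uri)
    # Only accept a code delivered to the redirect URI used in the authorization request.
    if (cb.scheme, cb.netloc, cb.path) != (reg.scheme, reg.netloc, reg.path):
        raise ExchangeError("callback does not match the redirect URI")
    query = parse_qs(cb.query)
    if "error" in query:  # RFC 6749 error response instead of a code
        raise ExchangeError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:  # missing, blank or duplicated code parameter
        raise ExchangeError("expected exactly one code parameter")
    # Assumption: code travels as its own form field (RFC 6749 section 4.1.3).
    return urlencode({
        "grant_type": "authorization_code",
        "code": codes[0],
        "redirect_uri": redirect_uri,
    })


def missing_token_fields(response: dict, oidc_app: bool) -> list:
    """Authorization code rows of the table: OIDC apps also receive an id_token."""
    required = ["access_token"] + (["id_token"] if oidc_app else [])
    return [name for name in required if not response.get(name)]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    body = build_token_body(
        "https://client.example/callback?code=SplxlOBeZQQYbYS6WxSbIA",
        "https://client.example/callback",
    )
    print(body)
    print(missing_token_fields({"access_token": "constructed-token"}, oidc_app=True))
```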