OAuth Client Credentials Flow - integration guide for developers
Overview
This API is used to get an access token for a client (application), using the OAuth client credentials flow.
The API consists of a single call, which returns:
- HTTP status code 200 if the request is correct and the client credentials are valid. An access token will be returned.
- HTTP Status code 403 if the request is incorrect or if the client credentials are invalid.
Prerequisites
- PhenixID Authentication Services HTTP API configured for OAuth Client Credentials Flow use case
- Token endpoint URL, client_id and client_secret available (must be given to you by the AS administrator)
- Optional scope value(s) to be used
Token endpoint - API call
Request
Method: HTTP POST
Endpoint: Token endpoint URL
Example: /api/authentication/tenant1/token
Headers:
Name | Value | Mandatory | Comment |
---|---|---|---|
Content-Type | application/x-www-form-urlencoded | Yes | |
Body:
client_id=<value_given_to_you_by_op_provider_admin>&client_secret=<value_given_to_you_by_op_provider_admin>&grant_type=client_credentials&scope=<optional_scope>
Example request
POST /api/authentication/tenant1/token HTTP/1.1
Host: integration.phenixid.se
Content-Type: application/x-www-form-urlencoded
cache-control: no-cache

client_id=myrp&client_secret=ohdarnsecret&grant_type=client_credentials
Response
The HTTP Response status code may have one of these values:
1. 200. Client credentials validated correctly. Body will contain an access_token.
2. 403. Client credentials not validated correctly.
The response body is a JSON object with these properties:
Name | Comment |
---|---|
access_token | The access token |
token_type | Bearer |
Example response:
HTTP/1.1 200 OK
Content-Type: application/json

{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjN4eXoiLCJpc3MiOiJodHRwczovL2ludGVncmF0aW9uLnBoZW5peGlkLnNlIiwiaWF0IjoxNTE2MjM5MDIyLCJuYmYiOjE1MTYyMzkwMjIsImV4cCI6MTUxNjIzOTMzMywiYXVkIjoibXlycCJ9.s3VrLnDZrR5P0yCKy2yIFTUsS3pxgXZ3A3thGWFHU4w",
"token_type": "Bearer"
}
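A client for the token call documented above, written as an added example (it is not PhenixID's code). It shows the form encoding of the credentials and the handling of the 200 and 403 outcomes. The function names and the `TokenError` class are hypothetical, and the https check and the `token_type` check are additions of this example, not requirements stated in this guide.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class TokenError(Exception):
    """Raised when the token endpoint does not return a usable access token."""


def build_token_request(token_url, client_id, client_secret, scope=None):
    # The secret travels in the request body, so refuse non-TLS endpoints.
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }
    if scope:  # scope is optional
        form["scope"] = scope
    # urlencode escapes '&', '=', '+' and spaces inside the values, so a
    # secret containing them cannot break or extend the form body.
    body = urllib.parse.urlencode(form).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def parse_token_response(status, raw_body):
    # 403 covers both an incorrect request and invalid client credentials.
    if status == 403:
        raise TokenError("request rejected (403): check client_id, client_secret, scope")
    if status != 200:
        raise TokenError(f"unexpected status {status}")
    doc = json.loads(raw_body)
    token = doc.get("access_token")
    if not token or str(doc.get("token_type", "")).lower() != "bearer":
        raise TokenError("response lacks a Bearer access_token")
    return token


def fetch_access_token(token_url, client_id, client_secret, scope=None, timeout=10):
    req = build_token_request(token_url, client_id, client_secret, scope)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return parse_token_response(err.code, err.read())
```

Call `fetch_access_token` with the token endpoint URL, client_id and client_secret given to you by the AS administrator, loading the secret from a protected configuration source rather than from source code.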