OAuth Client Credentials Flow - integration guide for developers
Overview
This API is used to get an access token for a client (application), using the OAuth client credentials flow.
To use the API, one method is called. It will return:
- HTTP Status code 200 if request is correct and the client credentials are validated correctly. An access token will be returned.
- HTTP Status code 403 if the request is incorrect or if the client credentials are invalid.
Prerequisites
- PhenixID Authentication Services HTTP API configured for OAuth Client Credentials Flow use case
- Token endpoint URL, client_id and client_secret available (must be given to you by the AS administrator)
- Optional scope value(s) to be used
Token endpoint - api call
Request
Method: HTTP POST
Endpoint: Token endpoint URL
Example: /api/authentication/tenant1/token
Headers:
| Name | Value |
Mandatory | Comment |
|---|---|---|---|
| Content-Type | application/x-www-form-urlencoded |
Yes |
Body:
client_id=<value_given_to_you_by_op_provider_admin>&client_secret=<value_given_to_you_by_op_provider_admin>&grant_type=client_credentials
&scope=<optional_scope>
Example request
POST /api/authentication/tenant1/token HTTP/1.1
Host: integration.phenixid.se
Content-Type: application/x-www-form-urlencoded
cache-control: no-cache
client_id=myrp&client_secret=ohdarnsecret&grant_type=client_credentialsResponse
Response
The HTTP Response status code may have one of these values:
1. 200. Client credentials validated correctly. Body will contain an access_token.
2. 403. Client credentials not validated correctly.
The response body JSON structure properties:
| Name | Comment |
|---|---|
| access_token | The access token |
| token_type | Bearer |
Example response:
HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjN4eXoiLCJpc3MiOiJodHRwczovL2ludGVncmF0aW9uLnBoZW5peGlkLnNlIiwiaWF0IjoxNTE2MjM5MDIyLCJuYmYiOjE1MTYyMzkwMjIsImV4cCI6MTUxNjIzOTMzMywiYXVkIjoibXlycCJ9.s3VrLnDZrR5P0yCKy2yIFTUsS3pxgXZ3A3thGWFHU4w",
"token_type": "Bearer"
}