Get Access Token
After user authentication and authorization, obtain the authorization token Access Token. Access Token is a required parameter when third-party applications call BambooCloud IDaaS to get user information.
Request Description
http
POST https://{your_domain}/api/v1/oauth2/tokenRequest Headers
| Parameter | Name | Required | Example | Description |
|---|---|---|---|---|
| Authorization | Authentication info | Required | Basic UnFCMkhKdNOWk9xWA== | Use client_id and client_secret for Base64 authentication. Format: base64(client_id:client_secret) |
| Content-Type | Data type | Required | application/x-www-form-urlencoded | Submit parameters using form data. |
Request Example
http
POST https://{your_domain}/api/v1/oauth2/tokenAuthorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=stRWlW&redirect_uri=http://oauthdemo.bccastle.com/demo/index.jsp
Request Parameters
| Parameter | Name | Required | Example | Description |
|---|---|---|---|---|
| grant_type | Authorization type | Required | authorization_code | Fixed value: authorization_code. |
| code | Authorization code | Required | stRWlW | Authorization code returned in the previous step. After the user logs in successfully, they are redirected to the specified callback address, and the URL contains the Authorization Code. Note: this code expires in 5 minutes. |
| redirect_uri | Callback address | Optional | http://oauthdemo.bccastle.com /demo/index.jsp | Must be consistent with the redirect_uri passed in the previous step. |
Response Example
Success response example
json
HTTP Status: 200 OK
{
"access_token": "Z43T3KWH9lecmy3H1IaCI...XRmsXaA",
"token_type": "Bearer",
"refresh_token": "WEAFOmOJ-A4LOhF_I39DvJuqxP0...XkFlFA",
"expires_in": 7199,
"scope": "get_user_info"
}Empty code parameter
json
HTTP Status: 400 BAD REQUEST{
"error": "invalid_request",
"error_description": "An authorization code must be supplied."
}Error response example
json
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_grant",
"error_description": "Invalid authorization code: a2W0B8Q"
}Application credentials error
json
HTTP Status: 401 Unauthorized
{
"error": "invalid_client",
"error_description": "Bad client credentials"
}Response Parameters
If successful, the Access Token can be obtained from the response.
| Parameter | Name | Required | Example | Description |
|---|---|---|---|---|
| access_token | Authorization token | Required | NObiKQS-cn8AWnZyIMkOvBgHIo8 | Authorization token returned by the authorization server to the third-party application. |
| expires_in | Access token validity period | Required | 7199 | Validity period of the access ticket returned by the authorization server to the application. Note: the validity period is in seconds. |
| refresh_token | Refresh token | Optional | wuGzSMMTjb4YhRUOjXHj-t-QD84 | Not returned by default. When the refresh_token validity period is configured on the IDaaS application page and is greater than or equal to the access_token validity period, the refresh_token is returned by the get Access Token endpoint. |
| token_type | Token type | Required | Bearer | |
| scope | Authorization scope | Required | get_user_info |