Skip to content

Get Access Token

After user authentication and authorization, obtain the authorization token Access Token. Access Token is a required parameter when third-party applications call BambooCloud IDaaS to get user information.

Request Description

http
POST https://{your_domain}/api/v1/oauth2/token

Request Headers

ParameterNameRequiredExampleDescription
AuthorizationAuthentication infoRequiredBasic UnFCMkhKdNOWk9xWA==Use client_id and client_secret for Base64 authentication.
Format: base64(client_id:client_secret)
Content-TypeData typeRequiredapplication/x-www-form-urlencodedSubmit parameters using form data.

Request Example

http
POST https://{your_domain}/api/v1/oauth2/token

Authorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==

Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=stRWlW&redirect_uri=http://oauthdemo.bccastle.com/demo/index.jsp

Request Parameters

ParameterNameRequiredExampleDescription
grant_typeAuthorization typeRequiredauthorization_codeFixed value: authorization_code.
codeAuthorization codeRequiredstRWlWAuthorization code returned in the previous step.
After the user logs in successfully, they are redirected to the specified callback address,
and the URL contains the Authorization Code.
Note: this code expires in 5 minutes.
redirect_uriCallback addressOptionalhttp://oauthdemo.bccastle.com
/demo/index.jsp
Must be consistent with the redirect_uri passed in the previous step.

Response Example

Success response example

json
HTTP Status: 200 OK
{
	"access_token": "Z43T3KWH9lecmy3H1IaCI...XRmsXaA",
	"token_type": "Bearer",
	"refresh_token": "WEAFOmOJ-A4LOhF_I39DvJuqxP0...XkFlFA",
	"expires_in": 7199,
	"scope": "get_user_info"
}

Empty code parameter

json
HTTP Status: 400 BAD REQUEST{
    "error": "invalid_request",
    "error_description": "An authorization code must be supplied."
}

Error response example

json
HTTP Status: 400 BAD REQUEST 
{
    "error": "invalid_grant",
    "error_description": "Invalid authorization code: a2W0B8Q"
}

Application credentials error

json
HTTP Status: 401 Unauthorized
{
    	"error": "invalid_client",
    	"error_description": "Bad client credentials"
}

Response Parameters

If successful, the Access Token can be obtained from the response.

ParameterNameRequiredExampleDescription
access_tokenAuthorization tokenRequiredNObiKQS-cn8AWnZyIMkOvBgHIo8Authorization token returned by the authorization server to the third-party application.
expires_inAccess token validity periodRequired7199Validity period of the access ticket returned by the authorization server to the application. Note: the validity period is in seconds.
refresh_tokenRefresh tokenOptionalwuGzSMMTjb4YhRUOjXHj-t-QD84Not returned by default. When the refresh_token validity period is configured on the IDaaS application page and is greater than or equal to the access_token validity period, the refresh_token is returned by the get Access Token endpoint.
token_typeToken typeRequiredBearer
scopeAuthorization scopeRequiredget_user_info

BambooCloud IDaaS Open Platform