Skip to content

Password Grant Authentication

The user enters username and password in the client, and the client application backend calls the unified authentication platform to obtain an Access Token.

Request Description

http
POST https://{your_domain}/api/v1/oauth2/token

Request Headers

ParameterNameRequiredExampleDescription
AuthorizationAuthentication infoRequiredBasic UnFCMOWk9xWA==Use client_id and client_secret for Base64 authentication.
Format: base64(client_id:client_secret)
Content-TypeData typeRequiredapplication/x-www-form-urlencodedSubmit parameters using form data.

Request Example

http
POST https://{your_domain}/api/v1/oauth2/token

Authorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==

Content-Type: application/x-www-form-urlencoded

username=test&password=123456&grant_type=password

Request Parameters

ParameterNameRequiredExampleDescription
grant_typeAuthorization typeYespasswordpassword
usernameLogin nameYestestLogin name / mobile / email
passwordPasswordYes123456

Response Example

Success response example

json
HTTP Status: 200 OK
{
	"access_token": "Z43T3KWH9lecmy3H1IaCI...XRmsXaA",
	"token_type": "Bearer",
	"refresh_token": "WEAFOmOJ-A4LOhF_I39DvJuqxP0...XkFlFA",
	"expires_in": 7199,
	"scope": "get_user_info"
}

Incorrect username or password

json
HTTP Status: 400 Bad Request
{  
    "error": "invalid_request",  
    "error_description": "An authorization username must be supplied."
}

Incorrect username or password

json
HTTP Status: 400 Bad Request
{
    "error": "invalid_grant",  
    "error_description": "Bad credentials"
}

User is locked

json
HTTP Status: 400 Bad Request
{
    "error": "invalid_grant",
    "error_description": "User is locked"
}

User is disabled

json
HTTP Status: 400 Bad Request
{
    "error": "invalid_grant",
    "error_description": "User is disabled"
}

User password has expired

json
HTTP Status: 400 Bad Request
{
    "error": "invalid_grant",
    "error_description": "Password has expired"
}

Application credentials error

json
HTTP Status: 401 UNAUTHORIZED
{  
     "error": "invalid_client",  
     "error_description": "Bad client credentials"  
}

Response Parameters

If the user logs in and authorizes successfully, the authorization token access token is returned.

ParameterNameRequiredDescription
access_tokenAuthorization token8ab9812c-1076-47f0-9e4a-6d48280ec524Authorization token returned by the authorization server to the third-party application; this parameter must be provided for all subsequent API calls.
expires_inAccess token validity period1500Validity period of the access ticket returned by the authorization server to the application. Note: the validity period is in seconds.
refresh_tokenRefresh token92fe3c7a-f8ad-4dc3-b0c4-c0281c1fa560
token_typeToken typebearer
scopeAuthorization scopeget_user_info

BambooCloud IDaaS Open Platform