Retrieve Access Token from Authorization Code

POST /v2/oauth2/token/

API version

v2

Request method

POST

Operation ID

user-oauth-retrieve-access-token

---

The OAuth 2.0 client retrieves an Access Token from an existing authorization code according to RFC6749.

Request

Responses

Format

application/json

Description

The authorization server issues an access token as described in RFC6749.

Schema documentation

• access_tokenstring

  required

  The access token issued by the authorization server.

• expires_ininteger

  required

  The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated.

• refresh_tokenstring

  required

  The refresh token issued by the authorization server.

• scopestring

  The scope of the access token as described by RFC6749.

• token_type"bearer"

  required

  The type of the token issued as described in RFC6749.

Example

{
  "access_token": "string",
  "expires_in": 123,
  "refresh_token": "string",
  "scope": "string",
  "token_type": "bearer"
}

JSON Schema

{
  "properties": {
    "access_token": {
      "description": "The access token issued by the authorization server.\n",
      "type": "string"
    },
    "expires_in": {
      "description": "The lifetime in seconds of the access token. For\nexample, the value \"3600\" denotes that the access\ntoken will expire in one hour from the time the\nresponse was generated.\n",
      "type": "integer"
    },
    "refresh_token": {
      "description": "The refresh token issued by the authorization server.\n",
      "type": "string"
    },
    "scope": {
      "description": "The scope of the access token as described by\n[RFC6749](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3).\n",
      "type": "string"
    },
    "token_type": {
      "description": "The type of the token issued as described in\n[RFC6749](https://datatracker.ietf.org/doc/html/rfc6749#section-7.1).\n",
      "enum": [
        "bearer"
      ],
      "type": "string"
    }
  },
  "required": [
    "access_token",
    "refresh_token",
    "token_type",
    "expires_in"
  ],
  "type": "object"
}

Usage examples

cURL

$ curl \
    --fail \
    --location \
    -X POST \
    -H "Authorization: Bearer $MITTWALD_API_TOKEN" \
    https://api.mittwald.de/v2/oauth2/token

JavaScript SDK

import { MittwaldAPIV2Client } from "@mittwald/api-client";
import { assertStatus } from "@mittwald/api-client-commons";
  
const client = MittwaldAPIClient.newWithToken(process.env.MITTWALD_API_TOKEN);
const response = await client.user.oauthRetrieveAccessToken({});

assertStatus(response, 200);
  

PHP SDK

use \Mittwald\ApiClient\Generated\V2\Clients\User\OauthRetrieveAccessToken\OauthRetrieveAccessTokenRequest;
  
$client = MittwaldAPIClient::newWithToken(getenv('MITTWALD_API_TOKEN'));

$request = (new OauthRetrieveAccessTokenRequest());
$response = $client->user()->oauthRetrieveAccessToken($request);

var_dump($response->getBody();