Endpoint Token

Tento endpoint vrací Access a Refresh tokeny na základě parametrů v requestu a také implementovaných grantů:

authorization_code
refresh_token
password_and_refresh_token
switch_user_refresh_token
client_credentials

Request

POST https://oauth.stormm.cz/token

HEADER

Accept:application/json
Content-Type:multipart/form-data;

BODY

Parametr	Datový typ	Povinnost	Popis
`grant_type`	string	Ano	Typ grantu pro získání Access a Refresh tokenu: - authorization_code - refresh_token - password_and_refresh_token - switch_user_refresh_token - client_credentials
`client_id`	string	Ano	Identifikátor clienta
`client_secret`	string	Ano/Ne	Secret key klienta (používá privátní klient)
`code_verifier`	string	Ano/Ne	Kryptogarafický random string. Více o PKCE (používá public client)
`code`	string	Ano/Ne	Hodnota vrácena z endpointu `/authorize` Vyžadováno pokud `grant_type` je authorization_code
`scope`	string	Ano	Scopy, které jsou vyžadovány, oddělené mezerou
`refresh_token`	string	Ano/Ne	Vyžadováno pokud `grant_type` je refresh_token nebo password_and_refresh_token a switch_user_refresh_token
`switch_user`	string	Ano/Ne	Username účtu pro který chceme Access a Refresh token. Vyžadováno pokud `grant_type` je switch_user_refresh_token
`password`	string	Ano/Ne	Heslo pro ověření. Vyžadováno pokud `grant_type` je password_and_refresh_token

Response

200

HEADER

Content-Type:application/json

BODY

{
    "token_type": "Bearer",
    "expires_in": 3600,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI0NDRlYzU1M2M4ZTNiM2VhNzk2OGIzNmM3NTQ0YmM0MCIsImp0aSI6Ijc3NmNjNjYwOWRjY2Y3M2Y2MTJiYzY0NjdkYjlmNWQwNWVmZDdmMTY3MDgzMGIwYzlkNGE1OGFkYWRlODg2NTZkMjE1NDMxYmQzNGUwMzBjIiwiaWF0IjoxNjUxODI1MjcwLjYzNDY0NiwibmJmIjoxNjUxODI1MjcwLjYzNDY3LCJleHAiOjE2NTE4Mjg4NzAuNjE5NDMxLCJzdWIiOiJmaWRvIiwic2NvcGVzIjpbIm9wZW5pZCIsInByb2ZpbGUiXSwiZGV2aWNlX2lkIjoiZmMxNjZiOWYtYTQwNC00YjQ5LThjNTItYzlkNmUwY2JkMWFjIiwiY2xpZW50X2lkIjoiNDQ0ZWM1NTNjOGUzYjNlYTc5NjhiMzZjNzU0NGJjNDAiLCJsb2dpbl90b2tlbiI6ImE1ZjYzYTUzLWM0MzYtNGE4MS04YzA0LTI0NDU3N2MyMDM1YyJ9.yR5yST028H7qPdEO-h1UbuGqE5r9kFGuIX1EivXKfQUixSS2_xkknsdUHUx5-mjpDzc2ap8At3rpPxjFXSlER-XCP8EZHsBhhUcZSrdCPnRyj_zftYQNGmMwsz-KiMCnAdcYLd4ctD7QnRlyZHa93G9qi8xF4yTUrY_pfO8mA8Ph8IgX02LXZriTi9CWu0901q17P3fki93RggW4d4cujtx3QICwEGgBUC4f6Z5xDpFYnLiYXppr1bfs6zMfxGlnjkAGWzl6_20tsmPDzOSO6t2OJWfDQTr2FIz0uU_W2ZLgQbdgpWB9DLbfGETEFRARAXBr5gikRjBKgDfIHyokDg",
    "refresh_token": "def50200e10860e7c25d6ca9c5efcff95c734cd67d8b5a553c159b142ac6ac98221fa455090992842a6df111212432ded4efc5c738487e59b926e063f75bb9ff0d19089f9944ce888af9d9e5bb93bf02c94d77eb1dc56e2c7ad164b88c24bf659a7f32a50ab294c6667b403c233d22f76893baf63f19436107f6a9fda42c69fc6f0dbab6a34f75add117566417e5563471f765327cf7fa65fe558aef847c5957b1baff3fe206d2d5c59d9c4fc9185c8b3ac1bb115c00c9c9142f2c85ec863bff7d214ebe0cf8dd9c1246f0d84dd1eb74cd6815d3c6ba7ba2b771005c031fba8c15680fe96dec9f9f32b7165658f6a6248d53d67c2a7058e2630349eb2a73c59f51643529ab63375b96ff797825fa78808a5f60dfec7082526f68256d24d533cd4daa3c9f8c1b6df300d90519b18db3fb02fd3b7617cc7d92f13dd0520d17ce171954df42322705fa95325f21ad391d026a2e5244c316d0ea82731f492c765277e0fcf59f4edd05b9014ae478d40415ed989c09de38df3d30d37012decb202ad8d10aff4d98f97f0f213e28e37e13cbd36144f220843f9cddce719b74994f56d2aad11130431e95d2621c31f8def69722324d2f87bbac1411a8984db058944f9f5199907777e857e83e84763959acc450a7acb7d171ca503d1c9bb82f2a7d77e13410af7c4d34478d208d7c5c22c318af7d4610aa492542c25091e5bfdedffd"
}

400

HEADER

Content-Type:application/json

BODY

{
    "error": "invalid_request",
    "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.",
    "hint": "Authorization code has expired",
    "message": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."
}

Užitečné odkazy

O OAuth více info zde: Implementovaný Bundle
O PKCE více info zde: RFC dokumentace
Nástroj pro vygenerování PKCE: Nástroj