POST
/oauth2/token
application/x-www-form-urlencoded
POST /oauth2/token HTTP/1.1Host: sample.portal.tencentciam.comContent-Type: application/x-www-form-urlencodedgrant_type=password&client_id=TENANT_CLIENT_ID&client_secret=TENANT_CLIENT_SECRET&auth_source_id=MOCK_USERNAME_PASSWORD_AUTH_SOURCE_ID&username=MOCK_USERNAME&password=MOCK_PASSWORD&scope=openid
Parameter | Optional | Description |
grant_type | false | Fixed value: password . |
client_id | false | The client_id of the application. Go to the application management page and select the application, and then click Application Configuration to find the Client ID. |
client_secret | true | The client_secret of the application. Go to the application management page and select the application, and then click Application Configuration to find the client_secret. This parameter is required for web applications, yet it is not needed for SPA and mobile applications. |
auth_source_id | false | ID of the account and password authentication source. You can view it on the General Authentication Source page on the console. |
username | false | Username. The authentication source attributes that need to be configured with the account and password authentication source include the username, mobile number, and email address. |
password | false | User password. |
scope | true | This parameter is not required. If this parameter is used, the value should be openid . |
HTTP/1.1 200 OKContent-Type: application/json;charset=UTF-8{"access_token" : "eyJraWQiOiI1MzQyOGU3ZS1kOTJiLTQ3OTAtOGIwMC0wMmEyZjc4NjUxNzMiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJNT0NLX1VTRVJfSUQiLCJhdWQiOiJURU5BTlRfQ0xJRU5UX0lEIiwibmJmIjoxNjQwNTg4ODI2LCJzY29wZSI6WyJvcGVuaWQiXSwiaXNzIjoiaHR0cHM6XC9cL3NhbXBsZS5wb3J0YWwudGVuY2VudGNpYW0uY29tIiwiZXhwIjoxNjQwNTg5MTI2LCJpYXQiOjE2NDA1ODg4MjYsImp0aSI6IjU0ODZhNWRhLTE0YTYtNDNkZC04MWNkLTEwNmRiMDVhMjJmZiJ9.cd2hoQEVZLGcRaqhDLs-W8m9IN2pDT4XzluxYz4ulNwHTfBTu_1NamlH0kmd0KDhzBMRAl6YXHVDVOXZEV47C1uoYDATnwQetUsg8eJObzlPEVZ81ovU-eRm7I0lQ_MVI9MC7jMcdOKvEDJCOJtnwtorkQpqEPYovrxctNvvClqLBsDVbUebC2-iUGwz4vWE-DL17M39rqtmwXv6C21ovv6Pe9BSUUAj_CzHSV-ZSF7fjyYjnlTEOLjilFNsFD9Ow1czNFqnwxkc7dwugOGJ7qM30zuTgSme76K3tLbol8fKO-CUKglZO9mWIXUWizhePTzd3CKGE4C7gUHR40EjNw","refresh_token" : "7uqTlthTQrzIZx8joT20chQbakZp81_iv39GTyCpsEyYpWoquNhuB3s6qEQHGeu2RBpaZcavFf9UOdgtUaCjB42D478MISnj6qBY52q3Pd5eNBBcXZ68oqMkFVidvgha","scope" : "openid","id_token" : "eyJraWQiOiI1MzQyOGU3ZS1kOTJiLTQ3OTAtOGIwMC0wMmEyZjc4NjUxNzMiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJNT0NLX1VTRVJfSUQiLCJhdWQiOiJURU5BTlRfQ0xJRU5UX0lEIiwiYXpwIjoiVEVOQU5UX0NMSUVOVF9JRCIsImlzcyI6Imh0dHBzOlwvXC9zYW1wbGUucG9ydGFsLnRlbmNlbnRjaWFtLmNvbSIsImV4cCI6MTY0MDU5MDYyNiwiaWF0IjoxNjQwNTg4ODI2LCJqdGkiOiI0Mzg0OTUwYS0zOTFlLTQ3MDgtYjFjYS05ZjVkNzQzN2Q3ZDIifQ.kaquINkB64dRAaXPG8KLBCpZ6hwNxtA5ruXpwYgEzFHppXQMqPRQQ-Iwn0659lpy8B2CqjRIar_A1xS518Uua3ItkUtoJQXcIxLDSGRatk6mZ6q7XgOHvALsLhQlYQjn36kXdnOJipPVB124y-o20UHwUC27nUH0e9GuYxwX3p56684NB4xJXUfEL2yl9Zt8rMEpD1I1hI5exg75ZP7MCSjzoNgr7fmpGuDNWWhRALh6sY4Dv5BSgE9B0No0xwFOLnAV4NMsvimJg5rBlJXepOhW4JfwZ3TnzXtDUk3oeajhRxPtjbkxt5NrSYMxUwBggkcoi4eOfVpo8crmQNrSVQ","token_type" : "Bearer","expires_in" : 299}
Parameter | Data Type | Description |
access_token | String | OAuth 2.0 Access Token (JSON Web Token, or JWT). |
token_type | String | Token type. Fixed value: Bearer . |
expires_in | Number | Validity period of Access Token (unit: sec) |
scope | String | Access Token scope. |
refresh_token | String | OAuth 2.0 Refresh Token. |
id_token | String | OpenID Connect (OIDC) ID Token (JWT). |
HTTP/1.1 400 Bad RequestContent-Type: application/json;charset=UTF-8{"error" : "invalid_grant","error_description" : "Wrong username or password"}
HTTP/1.1 400 Bad RequestContent-Type: application/json;charset=UTF-8{"error" : "invalid_grant","error_description" : "Abnormal user status"}
HTTP/1.1 400 Bad RequestContent-Type: application/json;charset=UTF-8{"error" : "invalid_grant","error_description" : "Unsupported username identifier"}
HTTP/1.1 400 Bad RequestContent-Type: application/json;charset=UTF-8{"error" : "invalid_auth_source","error_description" : "Auth source and application not associated"}
Was this page helpful?