Token Endpoint
https://oa.dnc.global/token
More details : API OpenID Connect : Point d’extrémité d’autorisation (Authorization Endpoint).
The token endpoint is the endpoint on the authorization server that the client application is addressing with the authorization code.
Access Token Request Form
The request must be made only by the POST method.
For authentication of the client application to the authorization server, OAuthSD imposes the client_secret_basic method. Authentication is therefore performed using HTTP Basic authentication (see section 2.3.1 of OAuth 2.0 [RFC6749]). The identifiers client_id and client_secret are those that were defined during the registration of the client application on the server.
The following parameters must be posted:
grant_type: Authorization flow type, must be "authorization_code".
code: the authorization code received.
redirect_uri: the return address to the client application.
Server response
If successful, the server returns an HTTP 200 response. The body of the response contains:
index | type | valeur |
---|---|---|
page | JSON array | access_token : (string) OAuth 2.0 access token expires_in : (long) lifetime in secondes token_type : (string) "Bearer" scope : (string) "openid ... " id_token : (string) ID token (JWT) |
The Header includes, as it should, the ’Cache-Control: no-cache, no-store’ directive.
If unsuccessful, the body of the response contains:
index | type | valeur |
---|---|---|
page | JSON Array | error : error title, error_description : error description |
La réponse HTTP ainsi que les valeurs de error et error_description sont décrites ici : API OpenID Connect : Point d’extrémité de jeton (Token Endpoint).
Request the refresh token
OpenID Connect only returns a Refresh Token, together with the access token, if the scope "offline_access" was included in the request and accepted, which will only happen with the authorization flow via a code (Authorization Code Grant).
Code examples
Query data:
$authcode is the authorization code obtained in the previous step and sent to the CallBack page
$client_id, $client_secret: As indicated when registering the client application on the authorization server.
PHP
- // Request an access token for the application
- $url = 'http://oa.dnc.global/token';
- 'grant_type' => 'authorization_code',
- 'code' => $authcode,
- 'redirect_uri' => 'http://chemindeleau.com/callback_openid.php',
- 'client_id' => 'chemin_openid',
- 'client_secret' => '01fc458',
- );
- $access_token = $result['access_token']; // Access Token
- $id_token = $result['id_token']; // ID Token (JWT)
Authentication can also be passed in the Header like this:
- 'grant_type' => 'authorization_code',
- 'code' => $sanitized_authcode,
- 'redirect_uri' => 'http://chemindeleau.com/callback_openid.php',
- );
- $client_id = 'chemin_openid';
- $client_secret = '01fc458';
SPIP
- $url = 'http://oa.dnc.global/oauth/token.php';
- 'method' => 'POST',
- 'grant_type' => 'authorization_code',
- 'code' => $authcode,
- 'redirect_uri' => 'http://chemindeleau.com/callback_openid.php',
- 'client_id' => 'chemin_openid',
- 'client_secret' => '01fc458',
- )
- );
- $res = recuperer_url($url, $options);
- $token = $page['access_token'];
- $id_token = $page['id_token'];