Skip to main content
POST
/
token
Create token [ca-1]
curl --request POST \
  --url https://eu.id.resistant.ai/oauth2/ausd6inbxjwgeJfq4417/v1/token \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data 'scope=<string>'
{
  "access_token": "<string>",
  "device_secret": "<string>",
  "expires_in": 123,
  "id_token": "<string>",
  "refresh_token": "<string>",
  "scope": "<string>",
  "token_type": "Bearer"
}

Authorizations

Authorization
string
header
required

Pass the client credentials concatenated with a : and base64-encoded as part of the Authorization header prefixed with Basic

Authorization: Basic {base64(<client_id>:<client_secret>)}
Authorization: Basic MGpyYWJ5UVdtNEI5elZKUGJvdFk6NVc3WFVMQ0VzNEJKS25XVVh3aDhsZ21lWFJoY0djZFZpRnA4NHBXZQ==

Body

application/x-www-form-urlencoded
grant_type
enum<string>

Determines the mechanism Okta uses to authorize the creation of the tokens

Available options:
client_credentials
scope
string

The scopes requested

Response

Based on the scopes requested. The scopes specified in a request are included in the access token in the response.

access_token
string

An access token

device_secret
string

An opaque device secret. This is returned if the device_sso scope is granted.

expires_in
integer

The expiration time of the access token in seconds

id_token
string

An ID token. This is returned if the openid scope is granted.

refresh_token
string

An opaque refresh token. This is returned if the offline_access scope is granted.

scope
string

The scopes contained in the access token

token_type
enum<string>

The token type in a /token response. The value is generally Bearer except for a few instances of token exchange.

Available options:
Bearer