Token Endpoint

The Token (/connect/token) endpoint is the service where a client application exchanges credentials for tokens.

URI

https://idp.contoso.com/dppassivests/connect/token

Unlike the authorization endpoint, which is designed for browser-based redirection, the token endpoint is intended for direct communication between the client and the identity provider over HTTPS.

It issues access tokens, ID tokens, and optionally refresh tokens, depending on the flow used.

Important: DigitalPersona 4.3.0 only supports the authorization_code grant type.

Authorization Code Request

Sample request

POST /dppassivests/connect/token HTTP/1.1
Host: idp.contoso.com
Content-Type: application/x-www-form-urlencoded

client_id=test_client
    &client_secret=secret
    &grant_type=authorization_code
    &code=dfb74d09ffc2db31e7eb8a2196d5815d
    &redirect_uri=https%3A%2F%2Fapp.company.com%2Foidc
    &scope=openid+email

Where:

| Parameter | Description |
|---|---|
| client_id | Client identifier |
| client_secret | Client secret phrase |
| grant_type | Must be authorization_code |
| code | A temporary code that can be requested using the authorization endpoint |
| redirect_uri | One of the registered redirection URIs |
| [scope] | Requested scopes for the ID token |

Authorization Code Response

Sample response

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{
    "access_token": "eyJhbGciOiJ...",
    "token_type": "Bearer",
    "expires_in": 3600,
    "id_token": "eyJhbGciOi..."
}

Where:

| Parameter | Description |
|---|---|
| access_token | Access token |
| token_type | Token type, always "Bearer" |
| expires_in | Access token lifetime in seconds |
| id_token | ID token in the JWT format |
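
The request and response described above, as an added client-side example that is not part of the original documentation: it builds the form-encoded body for the authorization code exchange and checks the documented response fields before the tokens are used. The function names `build_token_request` and `parse_token_response` are hypothetical, the sample response is constructed, and no network call is made.

```python
import base64
import json
from urllib.parse import urlencode

def build_token_request(client_id, client_secret, code, redirect_uri, scope=None):
    """Return (headers, body) for the authorization_code exchange on /connect/token."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",  # the only grant type the page lists as supported
        "code": code,
        "redirect_uri": redirect_uri,  # one of the registered redirection URIs
    }
    if scope:
        form["scope"] = scope
    # urlencode percent-encodes reserved characters and writes spaces as '+'
    return {"Content-Type": "application/x-www-form-urlencoded"}, urlencode(form)

def parse_token_response(status, headers, raw_body):
    """Check the documented response fields; raise ValueError on anything unexpected."""
    if status != 200:
        raise ValueError(f"token endpoint returned HTTP {status}")
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if not ctype.startswith("application/json"):
        raise ValueError(f"unexpected content type: {ctype!r}")
    data = json.loads(raw_body)
    missing = [f for f in ("access_token", "token_type", "expires_in", "id_token") if f not in data]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if data["token_type"] != "Bearer":
        raise ValueError("token_type is not Bearer")
    if not isinstance(data["expires_in"], int) or data["expires_in"] <= 0:
        raise ValueError("expires_in must be a positive number of seconds")
    parts = data["id_token"].split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("id_token is not a three-part compact JWT")
    # Structural check only: decode the JWT header. Signature validation is a separate step.
    header = json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))
    if "alg" not in header:
        raise ValueError("id_token header has no alg")
    return data

# Constructed sample response (not real tokens) in the documented shape.
SAMPLE_BODY = json.dumps({
    "access_token": "constructed-access-token",
    "token_type": "Bearer",
    "expires_in": 3600,
    "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2ln",
})
```
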