Fetch access token
This endpoint allows userapp and sysapp to fetch access tokens. For userapp, use this endpoint after the /authorize endpoint and the subsequent callback. For userapp, this endpoint supports generating an access token from an authorization code or from a refresh token, sent in the previous authorize endpoint's callback. For sysapp, this endpoint can be used directly to get an access token; no prior /authorize endpoint call is needed.
NOTE: Fetching a token for a sysapp via the browser on our developer portal WILL NOT WORK as browser requests to the token endpoint must use PKCE. Instead, send the request through a server side/native method and ensure the ‘Origin’ header is not present.
https://{customer_name}.login.fabric.inc
Headers
Required for userapp with authorization code flow without PKCE and for sysapp. The Basic authorization header should be created using the client ID and client secret of the userapp or sysapp. The value should be derived as Basic base64encode(client_id:client_secret). Refer to https://datatracker.ietf.org/doc/html/rfc2617#section-2 for additional info.
Path Parameters
Use default for userapp flows. For sysapp, use the tenant-specific server ID provided by fabric Identity (see Getting Started).
Body
Required only for userapp and authorization code flow with PKCE.
Required only for userapp and authorization code flow with PKCE.
Required for userapp with both authorization code flow with and without PKCE. URL encoded redirect_uri sent by the userapp in the previous /authorize call.
Required for all authentication flows and app types. Set to authorization_code for userapp (for both authorization code flow with and without PKCE). Set to client_credentials when using for sysapp.
authorization_code, client_credentials
Required only for userapp and authorization code flow with PKCE. Code verifier used for deriving the code_challenge sent in the /authorize call. Refer to https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 for more details.
Required for userapp with both authorization code flow with and without PKCE. Authorization code received as part of the callback response to the /authorize call.
Required only for sysapp. Value should always be set to s2s.
Response
Will always be set to Bearer
Describes the time in seconds in which the issued access token expires
The access token issued for the logged in user or the app itself. This access token should be used as a bearer token in the Authorization header of subsequent fabric API calls.
This token certifies that the user or app was indeed authenticated successfully. However, this token is not to be used when invoking fabric APIs; use the access token instead.
Always set to "openid profile email" as part of the OpenID Connect standard.