Token Endpoint
The token endpoint can be used to programmatically request tokens.
Transform Identity Engine supports a subset of the OpenID Connect and OAuth 2.0 token request parameters. For a full list, see here.
Required parameters
client_id: client identifier
grant_type
authorization_code
client_credentials
password
refresh_token
urn:ietf:params:oauth:grant-type:device_code
extension grant
Optional parameters
client_secret: client secret for confidential/credentials clients - either in the post body, or as a basic authentication header.
scope: one or more registered scopes. If not specified, a token for all explicitly allowed scopes will be issued.
redirect_uri: required for the authorization_code grant type
code: the authorization code (required for authorization_code grant type)
code_verifier: PKCE proof key
username: resource owner username (required for password grant type)
password: resource owner password (required for password grant type)
acr_values: allows passing in additional authentication-related information. Duende IdentityServer special cases the following proprietary acr_values
- tenant:name_of_tenant: can be used to pass a tenant name to the token endpoint
refresh_token: the refresh token (required for refresh_token grant type)
device_code: the device code (required for urn:ietf:params:oauth:grant-type:device_code grant type)
POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded
client_id=client1&
client_secret=secret&
grant_type=authorization_code&
code=hdh922&
redirect_uri=https://myapp.com/callback
.NET client library
You can use the IdentityModel client library to programmatically interact with the protocol endpoint from .NET code.
using IdentityModel.Client;
var client = new HttpClient();
var response = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = TokenEndpoint,
ClientId = "client",
ClientSecret = "secret",
Code = "...",
CodeVerifier = "...",
RedirectUri = "https://app.com/callback"
});