PkceFlowAuthorizationRequest

JSON Example
{
    "grant_type": "string",
    "code": "string",
    "redirect_uri": "string",
    "refresh_token": "string",
    "scope": "string",
    "org_id": "string",
    "subject_token": "string",
    "subject_token_type": "string",
    "code_verifier": "string",
    "client_id": "string"
}
string
grant_type
Required

OAuth grant types for different use cases.

string
code
Optional

Authorization code parameter. Mandatory for grant_type 'authorization_code'.

string
redirect_uri
Optional

Service redirect URI. Mandatory for grant_type 'authorization_code'.

string
refresh_token
Optional

Refresh token parameter. Available for grant_type 'refresh_token'.

string
scope
Optional

Currently not supported. Present for CSP compatibility.

string
org_id
Optional

Unique identifier (GUID) of the organization. Available for grant_type 'client_credentials'.

string
subject_token
Optional

Required if the grant_type is 'client_delegate'. A security token that represents the identity of the party on behalf of whom the request is being made. In client_delegate flow, the token provided MUST BE the access token of the user.

string
subject_token_type
Optional

Required if the grant_type is 'client_delegate'. The identifier for the subject token provided as per RFC 8693 https://tools.ietf.org/html/rfc8693#section-3. In 'client_delegate' flow, this value MUST BE 'urn:ietf:params:oauth:token-type:access_token'.

string
code_verifier
Optional

A high-entropy cryptographic random key using the characters [A-Z] / [a-z] / [0-9] / '-' / '.' / '_' / '~' with a minimum length of 43 characters and a maximum length of 128 characters which was used to generate the 'code_challenge' and obtain the authorization code. Required if PKCE was used in the authorization code grant request. For more information, refer to the PKCE RFC at https://tools.ietf.org/html/rfc7636.

string
client_id
Optional

Required if the grant_type is 'authorization_code'. If provided in the request body, it must match the client_id sent in the authorization header.
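
The code_verifier constraints above, shown as an added example (not part of the original reference and not the product's own code): it generates a verifier, checks the documented alphabet and length, derives the 'code_challenge' with the S256 transform from RFC 7636, and assembles an 'authorization_code' request body with the field names on this page. The function names and sample values are hypothetical, and the use of S256 rather than another challenge method is an assumption.

```python
import base64
import hashlib
import re
import secrets

# Allowed alphabet and length bounds as stated in the code_verifier description.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def new_code_verifier(n_bytes: int = 32) -> str:
    """Return a verifier from a CSPRNG; 32 random bytes encode to 43 characters."""
    return secrets.token_urlsafe(n_bytes)


def is_valid_code_verifier(verifier: str) -> bool:
    """Check charset and length; fullmatch rejects trailing newlines and padding."""
    return _VERIFIER_RE.fullmatch(verifier) is not None


def code_challenge_s256(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_token_request(code, redirect_uri, client_id, verifier):
    """Assemble the authorization_code body using the field names on this page."""
    if not is_valid_code_verifier(verifier):
        raise ValueError("code_verifier must be 43-128 chars of [A-Za-z0-9-._~]")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
        "client_id": client_id,
    }


if __name__ == "__main__":
    verifier = new_code_verifier()
    print("code_challenge:", code_challenge_s256(verifier))
    # Constructed sample values, not real credentials.
    print(build_token_request("sample-code", "https://app.example/cb",
                              "sample-client", verifier))
```

The verifier must be kept by the client between the authorization request and the token request; only the derived challenge is sent in the first step.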