TokenFormData

The form fields that can be used when requesting an access token.

JSON Example
{
    "client_id": "Example_AppID",
    "client_secret": "string",
    "scope": "openid profile email",
    "redirect_uri": "https://example-app.com/redirect?auth%3Doauth",
    "domain": "example.com",
    "username": "string",
    "password": "string",
    "grant_type": "client_credentials",
    "code": "string",
    "refresh_token": "string",
    "assertion": "string",
    "subject_token": "string",
    "subject_token_type": "string",
    "actor_token": "string",
    "actor_token_type": "string",
    "audience": "string",
    "requested_token_type": "string",
    "code_verifier": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
    "api_token": "vidb_YWMzYTMzMDYtNjUyNS00YzM3LTk4OGItMGY3OTUwZGQzOWIzI1JaWlpFM0FSTE5ES25JUFVtUmZjaVBSVDMwQXpOVTNIRHJtV3ZZajhiVVNncWtEeFI1THJLYUhGcGNZaU5oc0YjMTc0NjE1OTA2MA"
}
string As ^[a-zA-Z0-9\-_.@]+$
client_id
Optional
Constraints: maxLength: 256

This is the identifier of the OAuth 2.0 client that was registered in VMware Identity Manager. Only used when a basic Authorization header is not present in the request.

string As ^[\x20-\x7E]+$
client_secret
Optional
Constraints: maxLength: 4096

The client secret. Only used when a basic Authorization header is not present in the request.

string As ^[a-zA-Z0-9\-":\s_.+]+$
scope
Optional
Constraints: maxLength: 1024

Optional list of scopes, separated by spaces and URL encoded. The scopes must be equivalent to or a subset of the scopes defined in the OAuth2.0 client. Scopes that don't match any of the scopes defined in the OAuth2.0 client will be ignored. If omitted or empty, the scopes defined in the OAuth2.0 client will be used.

string
redirect_uri
Optional
Constraints: maxLength: 2048

Specifies the callback endpoint in your application that will receive the authorization code. It must match the redirect_uri defined in your OAuth2.0 client registration in VMware Identity Manager. When sending the redirect_uri as a URL parameter it has to be URL encoded. Required only if the grant_type is 'authorization_code'.

string As ^[a-zA-Z0-9+\-_.@\s]+$
domain
Optional
Constraints: maxLength: 100

Specifies the user's domain. If this parameter is specified, the login screen will skip the domain selection page. This can be used when it is known that a single domain is used or the domain information can be inferred automatically (from the username for example). This is a VMware Identity Manager optional parameter and is not in the OAuth 2.0 specification. Required only if the grant_type is 'password'.

string
username
Optional
Constraints: maxLength: 150

The username, UTF-8 encoded. Required only when grant_type is 'password'.

string
password
Optional
Constraints: maxLength: 256

The password, UTF-8 encoded. Required only when grant_type is 'password'.

string
grant_type
Required

Specifies the OAuth grant type the client is making. It must be one of the grant types that are defined in the OAuth2.0 client. VMware Identity Manager supports the following grant types from the OAuth specifications: authorization_code, password, client_credentials, and refresh_token. VMware Identity Manager also supports the grant type urn:ietf:params:oauth:grant-type:jwt-bearer for using JWTs for authorization as described in the JWT Bearer Token Profiles for OAuth 2.0 specifications.

Possible values are: authorization_code, password, client_credentials, refresh_token, urn:ietf:params:oauth:grant-type:jwt-bearer
string
code
Optional
Constraints: maxLength: 255

The authorization code received from the authorize request. Required only if the grant_type is 'authorization_code'.

string As ^[A-Za-z0-9]+$
refresh_token
Optional
Constraints: maxLength: 150

The refresh token, which can be used to obtain new access tokens using the same authorization grant. Required only if the grant_type is 'refresh_token'.

string
assertion
Optional
Constraints: maxLength: 4096

The assertion being used as an authorization grant. If an assertion is not valid or has expired, the 'invalid_grant' error code is returned. Required only if the grant_type is 'urn:ietf:params:oauth:grant-type:jwt-bearer'.

string
subject_token
Optional

A security token that represents the identity of the party on behalf of whom the request is being made. For additional details, refer to https://datatracker.ietf.org/doc/html/rfc8693.

string
subject_token_type
Optional

An identifier that indicates the type of the security token in the subject_token parameter. For additional details, refer to https://datatracker.ietf.org/doc/html/rfc8693.

string
actor_token
Optional

A security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject. For additional details, refer to https://datatracker.ietf.org/doc/html/rfc8693.

string
actor_token_type
Optional

An identifier that indicates the type of the security token in the actor_token parameter. For additional details, refer to https://datatracker.ietf.org/doc/html/rfc8693.

string
audience
Optional

The logical name of the target service where the client intends to use the requested security token. For additional details, refer to https://datatracker.ietf.org/doc/html/rfc8693.

string
requested_token_type
Optional

An identifier for the type of the requested security token. For additional details, refer to https://datatracker.ietf.org/doc/html/rfc8693.

string As ^[a-zA-Z0-9\-_.~]+$
code_verifier
Optional
Constraints: maxLength: 128

Specifies the code_verifier to be verified with the authorization code. The client needs to send this along with the authorization code for PKCE.

string
api_token
Optional

An API token is generated by a VCF Ops admin in the VCF Ops console, or by an SSO federated user on the page redirected to from the VCF component portal. An API token can be exchanged for many bearer tokens as long as its TTL has not expired. To exchange it for a bearer token, set the 'api_token' parameter in the request.
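
The constraints in this reference can be checked on the client before a token request is sent. The following is an added example, not VMware's code: it validates a form dictionary against the patterns, maxLength values and grant-type-dependent required fields listed above, for the five grant_type values the page lists. The function and constant names are assumptions, and the sample forms are constructed.

```python
import re

# (pattern, maxLength) per field, from the reference above; None = no pattern listed.
CONSTRAINTS = {
    "client_id": (r"[a-zA-Z0-9\-_.@]+", 256),
    "client_secret": (r"[\x20-\x7E]+", 4096),
    "scope": (r'[a-zA-Z0-9\-":\s_.+]+', 1024),
    "redirect_uri": (None, 2048),
    "domain": (r"[a-zA-Z0-9+\-_.@\s]+", 100),
    "username": (None, 150),
    "password": (None, 256),
    "code": (None, 255),
    "refresh_token": (r"[A-Za-z0-9]+", 150),
    "assertion": (None, 4096),
    "code_verifier": (r"[a-zA-Z0-9\-_.~]+", 128),
}

# Fields the reference marks "Required only if the grant_type is ...".
REQUIRED_BY_GRANT = {
    "authorization_code": ("code", "redirect_uri"),
    "password": ("username", "password", "domain"),
    "client_credentials": (),
    "refresh_token": ("refresh_token",),
    "urn:ietf:params:oauth:grant-type:jwt-bearer": ("assertion",),
}

def validate_token_form(form):
    """Return a list of problems; an empty list means the form passes."""
    grant = form.get("grant_type")
    if grant not in REQUIRED_BY_GRANT:
        return [f"grant_type: missing or not a listed value ({grant!r})"]
    errors = [f"{name}: required for grant_type {grant}"
              for name in REQUIRED_BY_GRANT[grant] if not form.get(name)]
    for name, value in form.items():
        if name not in CONSTRAINTS or value == "":
            continue  # unconstrained field, or empty (treated as omitted)
        pattern, max_len = CONSTRAINTS[name]
        if len(value) > max_len:
            errors.append(f"{name}: longer than {max_len} characters")
        # fullmatch, not match: with match, '$' also accepts a trailing newline.
        if pattern and not re.fullmatch(pattern, value):
            errors.append(f"{name}: disallowed characters")
    return errors

# Constructed sample forms (not taken from a real deployment).
GOOD = {"grant_type": "authorization_code", "code": "abc123",
        "redirect_uri": "https://example-app.com/redirect"}
BAD = {"grant_type": "refresh_token", "refresh_token": "abc123\n"}
print(validate_token_form(GOOD), validate_token_form(BAD))
```

The second sample fails only because of its trailing newline, which `re.match` with the page's `^...$` pattern would have let through.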
