Post Handle Request
This token endpoint complies with the OAuth 2.0 specifications and must be used by client to obtain an access token with client authentication.
Specifies the OAuth grant type the client is making. VMware Identity Manager supports the following grant types from the OAuth specifications: authorization_code, password, client_credentials, and refresh_token. VMware Identity Manager also supports the grant type urn:ietf:params:oauth:grant-type:jwt-bearer for using JWTs for authorization as described in the JWT Bearer Token Profiles for OAuth 2.0 specifications.
The client identifier. If the HTTP Basic authentication scheme is not used, client must specify the client identifier using this request parameter. The use of HTTP Basic is recommended.
Example_AppIDThe username, UTF-8 encoded. Required only if the grant_type is 'password'
The password, UTF-8 encoded. Required only if the grant_type is 'password'
The domain the user belongs to. Optional and only used if the grant_type is 'password'
The list of scopes of the access request. Required only if the grant_type is 'password'
The authorization code received from the authorize request. Required only if the grant_type is 'authorization_code'
The redirect_uri as provided to the authorize request. Required only if the grant_type is 'authorization_code'
Successful
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9xxxxHVcA76zjsGN2w...",
"token_type": "Bearer",
"expires_in": 21599,
"refresh_token": "21599",
"scope": "admin openid"
}The requested access token. This token can now be used to call VMware Identity Manager APIs. For example, with the 'Bearer' token type, use 'Bearer <this access token value>' as the 'Authorization' header. The access token is a JSON web token (JWT).
The access token type. It provides the client with the information required to successfully utilize the access token to make a protected resource request. For example, the 'Bearer' token type is utilized by simply including the access token string in the request: Authorization: Bearer mF_9.B5f-4.1JqM
The time (in seconds) this token expires. If the return value is positive, the access token is going to expire in that many seconds. If the return value is 0, the access token already expired.If the return value is -1, token state could not be determined, since the access token doesn't contain expiration value.
The refresh token associated with the access token, if any. This refresh token can be used to request a refresh for the associated access token.
The scope of the access token issued. The value is expressed as a list of space- delimited, case-sensitive strings.
The error can be any of those: the provided grant type is not supported, the request is missing a required parameter, the client authentication failed, the provided authorization grant is invalid, the authenticated client is not authorized to use this authorization grant type. The error message will contain 'error' and 'error_description' fields. See the OAuth2.0 spec for further details.
The client authentication failed. Check the 'Authorization' header.
The HTTP method might be incorrect, make sure you use the POST method.
The grant_type is incorrect or absent.