Token is a standard endpoint used for requesting various combinations of ID Token, Access Token and Refresh Token. In addition, BankID OIDC extends the token response with the BankID Proof token if requested. The type of request (and corresponding response) is determined by the grant_type request parameter, as described further below.
Overview
URL | https://<oidc-baseurl>/protocol/openid-connect/token |
---|---|
Request | POST with parameters in body as application/x-www-form-urlencoded data |
Authentication | OIDC/OAuth2 client authentication according to supported methods |
Success response | 200 OK with JSON containing response elements |
Error response | 400 Bad request with JSON containing standard error response elements |
Example | See below |
...
The response for Authorization Code and Refresh Token is a JSON structure according to the Keycloak default, with the following claims:
Name | Description | Comment |
---|---|---|
id_token | JWT encoded ID Token | Standard claim with Keycloak specific content |
access_token | JWT encoded Access Token | Standard claim with Keycloak specific content |
token_type | Always bearer | Standard claim. Change notice: Will be changed to Bearer |
expires_in | Life-time of access_token. | Standard claim. Related to the exp claim inside the Access Token. See session handling |
refresh_token | JWT encoded Refresh Token | Standard claim with Keycloak specific content |
refresh_expires_in | Life-time of refresh_token | Keycloak specific claim. Related to the exp claim inside the Refresh Token. See session handling |
bankid_proof | JWT encoded BankID Proof Token | BankID OIDC custom claim that includes proof of BankID authentication. Included if requested using the bankid_proof scope. |
not-before-policy | TBD | Keycloak specific claim |
session_state | TBD | Keycloak specific claim. Deprecation notice: Will be replaced by sid |
sid | Session ID | Keycloak specific claim. |
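
An added example, not part of the BankID documentation: a client-side consistency check over the token response in the table above, written so that it keeps working across the announced token_type and session_state changes. The function names, the sample values and the 5-second skew are assumptions, and JWT signature verification is deliberately out of scope and must be done separately before any claim is trusted.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def session_id(resp):
    """Prefer sid; fall back to session_state, which is marked for replacement by sid."""
    return resp.get("sid") or resp.get("session_state")


def check_token_response(resp, requested_scopes, now, skew=5):
    """Return a list of problems found in a token response (empty list = consistent)."""
    problems = []
    # Change notice: "bearer" will become "Bearer", so never compare case-sensitively.
    if str(resp.get("token_type", "")).lower() != "bearer":
        problems.append("token_type is not bearer")
    # expires_in / refresh_expires_in should agree with exp inside the matching token.
    for tok, ttl in (("access_token", "expires_in"), ("refresh_token", "refresh_expires_in")):
        if tok in resp:
            drift = jwt_claims(resp[tok])["exp"] - now - resp.get(ttl, 0)
            if abs(drift) > skew:
                problems.append(f"{ttl} disagrees with exp in {tok}")
    # bankid_proof is only expected when the bankid_proof scope was requested.
    if "bankid_proof" in requested_scopes and "bankid_proof" not in resp:
        problems.append("bankid_proof scope requested but token absent")
    if session_id(resp) is None:
        problems.append("no sid or session_state")
    return problems


def sample_jwt(claims):
    """Build an unsigned, constructed JWT-shaped string ("e30" is an empty JSON header)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.constructed-signature"


# Constructed sample response (illustrative values, not real BankID output).
NOW = 1_700_000_000
SAMPLE = {
    "access_token": sample_jwt({"exp": NOW + 300}),
    "refresh_token": sample_jwt({"exp": NOW + 1800}),
    "token_type": "Bearer", "expires_in": 300, "refresh_expires_in": 1800,
    "session_state": "constructed-session-id",
}
print(check_token_response(SAMPLE, {"openid", "bankid_proof"}, NOW))
```
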
Client Credentials
...