POST token

Returns a new OAuth token.

Resource URL

https://www.drillster.com/daas/oauth/token

Parameters

Field Type Description
client_id (required) String The client ID of the registered application. Client IDs may be publicly shared.
client_secret (required) String The client secret of the registered application. The name implies that the client secret should not be shared with the end user.
grant_type (required) String The type of operation requested. Possible values are:

  • authorization_code — For Authorization Code grant type. Requires that code is given.
  • refresh_token — For refreshing expired access tokens. Requires that refresh_token is given.
  • urn:ietf:params:oauth:grant-type:jwt-bearer — For JWT bearer flow. Requires that assertion is given.

code (optional) String Used for the Authorization Code grant type.
refresh_token (optional) String Used for refreshing expired access tokens.
assertion (optional) String Used for the JWT bearer flow grant type.

Response

A 2.0 Token object.

Example request

POST https://www.drillster.com/daas/oauth/token
client_id=874a16d4ac764ce4a545f0cca4584c63
client_secret=5782b2e7532b48b5a0798f2ad6644614
grant_type=authorization_code
code=cIEL8h

Response

{
  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJXSHJrck9DMFNEcWY2VjNXYVRrblpRIiwiZXhwIjoxNDY1ODI5Mjc0LCJqdGkiOiIwNzBiOGE1MS1hYjFkLTRlZDktODJjZS04YzNmZTlkMTJlMmEiLCJjbGllbnRfaWQiOiIzYWFhZTU1ZDc0ZDk0NmY0YWM2NTY4YTA3MjYxMDk5ZCIsInNjb3BlIjpbIlJPTEVfVVNFUiJdfQ.DmqZWRDMV4zctJ5R_WSsn_axGzfDNGOJJO79_garrM9w8zOvd7ZmAGgtFrVVcUWjfR3AR0RaXGM3wdHoqOs2YleD_AeYcrxDPJkiUDoQXQN3I9qNsediwhcMYj9l5UYlpR6uD3lcRzkCM4L5u4PTqs2RjZL2GBgvUMeQZNowpyK_shT_o_U4Y_LFnBWFf2c9MtKhUAIuNdqQ98jAxwEnS2tO_OUFCZ2JzZyFHmteQYz8q_kl5SE0UdBXmUfl4RKmxmozKyQFIA3p56Qtl65E_t8lJQVLC0OwL-2elAJMgqQy-J-ZHB3b9SMM9HXIDe81J-Sx51-R8bK4Dx28EZIPdg",
  "expires_in": 2591999,
  "jti": "070b8a51-ab1d-4ed9-82ce-8c3fe9d12e2a",
  "refresh_token": "ca9ff8d9-c62e-424c-b57c-68f544d8d07e",
  "scope": "ROLE_USER",
  "token_type": "bearer"
}

Error responses

The following error situations are possible:

ID Response code Description
invalid_request 400 (Bad request) The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.
invalid_client 400 (Bad request) Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.
invalid_grant 400 (Bad request) The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
unauthorized_client 400 (Bad request) The authenticated client is not authorized to use this authorization grant type.
unsupported_grant_type 400 (Bad request) The authorization grant type is not supported by the authorization server.
invalid_scope 400 (Bad request) The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.
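
Added example (not part of the Drillster documentation): a client-side sketch that checks the grant_type and companion-parameter pairing from the parameter table before sending, produces a log-safe copy of the request body, and validates the token response. The function names and sample values are hypothetical, and sending the parameters as a form-encoded POST body is an assumption based on standard OAuth 2.0 practice; no network call is made.

```python
import json
import time
from urllib.parse import parse_qsl, urlencode

TOKEN_URL = "https://www.drillster.com/daas/oauth/token"
# grant_type -> the one parameter the parameter table says it requires
GRANT_PARAM = {
    "authorization_code": "code",
    "refresh_token": "refresh_token",
    "urn:ietf:params:oauth:grant-type:jwt-bearer": "assertion",
}
SENSITIVE = {"client_secret", "code", "refresh_token", "assertion"}


def build_body(client_id, client_secret, grant_type, **grant):
    """Return the form-encoded body (assumed encoding), or raise before sending."""
    needed = GRANT_PARAM.get(grant_type)
    if needed is None:
        raise ValueError("unsupported_grant_type: " + grant_type)
    if set(grant) != {needed} or not grant[needed]:
        raise ValueError(f"invalid_request: {grant_type} takes exactly '{needed}'")
    return urlencode({"client_id": client_id, "client_secret": client_secret,
                      "grant_type": grant_type, needed: grant[needed]})


def redact(body):
    """Log-safe copy of a body: secret and grant values masked, client_id kept."""
    return urlencode([(k, "REDACTED" if k in SENSITIVE else v)
                      for k, v in parse_qsl(body)])


def parse_token(text, now=None):
    """Validate a token response; return (access_token, refresh_token, expiry)."""
    data = json.loads(text)
    if str(data.get("token_type")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return data["access_token"], data.get("refresh_token"), now + int(data["expires_in"])


# Constructed sample values, not real credentials.
body = build_body("example-client-id", "example-secret",
                  "authorization_code", code="abc123")
print("POST", TOKEN_URL)
print(redact(body))
```

Log only the output of redact(), never the raw body: the authorization code, refresh token and assertion are credentials in the same way the client secret is.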