POST /oauth2/token
Get access, refresh and ID tokens, as per the OpenID Connect specification for the token request.
The request must include the client ID and secret in a Basic Authentication header, i.e. the 'client_secret_basic' authentication method, as per the OpenID Connect specification for client authentication.
OAuth 2.0 refresh tokens are only issued when the "offline_access" scope is authorized. Refresh tokens issued by Synapse are single-use only,
and expire if unused for 180 days. Using the refresh_token grant type will cause Synapse to issue a new refresh token in the token response, and the old
refresh token will become invalid. Some token metadata, such as the unique refresh token ID and configurable token name, will not change when
a refresh token is rotated in this way.
Access tokens issued via a refresh token will also include a 'refresh_token_id' claim that can be used to identify the chain of refresh tokens that the
access token is related to.
Resource URL
https://repo-prod.prod.sagebase.org/auth/v1/oauth2/token
Parameters
Name | Description |
---|---|
grant_type | authorization_code or refresh_token |
code (optional) | required if grant_type is authorization_code |
redirect_uri (optional) | required if grant_type is authorization_code |
refresh_token (optional) | required if grant_type is refresh_token |
scope (optional) | only provided if grant_type is refresh_token |

Resource Information | |
---|---|
Authentication | not required |
HTTP Method | POST |
Request Object | None |
Response Object | OIDCTokenResponse (application/json) |
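
The following is an added example, not code from Synapse or its client libraries: it builds the refresh_token grant request with 'client_secret_basic' authentication and replaces the stored refresh token on every response, since the old one becomes invalid once used. It assumes the parameters are sent as a form-encoded body and that the response uses the standard OAuth 2.0 field names `access_token` and `refresh_token`; `RefreshTokenStore` and the sample credentials are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://repo-prod.prod.sagebase.org/auth/v1/oauth2/token"


def build_refresh_request(client_id, client_secret, refresh_token, scope=None):
    """Build the POST for grant_type=refresh_token with client_secret_basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    params = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if scope:  # optional, only sent with the refresh_token grant
        params["scope"] = scope
    return urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode(params).encode(),  # assumption: form body
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


class RefreshTokenStore:
    """Holds the single currently valid refresh token (in memory here)."""

    def __init__(self, refresh_token):
        self.refresh_token = refresh_token

    def rotate(self, response_body):
        """Swap in the refresh token from a token response; return the access token."""
        tokens = json.loads(response_body)
        new_token = tokens.get("refresh_token")
        if not new_token:
            # A new refresh token is issued on every refresh, so its absence
            # is unexpected; fail loudly instead of reusing the spent one.
            raise ValueError("token response carried no refresh_token")
        self.refresh_token = new_token
        return tokens["access_token"]
```

In a real client, persist the rotated token durably before using the new access token, and serialize concurrent refreshes so two workers never present the same single-use token.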