OAuth2 API

Get Authorization Token

post

/oauth2/token

This request is used by the Issuer backend to get a Thales authorization token.

Header parameters

x-correlation-idstringOptional

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

Warning: This identifier should not be derived from sensitive personal data, as its value will be logged in clear.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Pattern: ^[A-Za-z0-9_-]{1,64}$

Body

grant_typestring · enumRequired

Describes the flow.
In our case we have defined the JWT bearer flow, so you will have to set urn:ietf:params:oauth:grant-type:jwt-bearer

Possible values:

assertionstringRequired

The assertion is the entire JWT value.
Please refer to Authorization flow for more details on how to generate this JWT.
The JWT must contain the following fields:

iss: Issuer of the JWT. It shall be the issuerId and it will be used to lookup the onboarded public key.
exp: The validity must be the expiration time of the assertion within 15 minutes, expressed as the number of seconds from 1970-01-01T0:0:0Z measured in UTC.

Supported alg: ES256.

Responses

200

Default allowed response

application/json

400

Bad request

post

/oauth2/token

POST /authz/v1/oauth2/token HTTP/1.1
Host: api.d1.thalescloud.io
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 79

"grant_type='urn:ietf:params:oauth:grant-type:jwt-bearer'&assertion='text'"

{
  "access_token": "ey...HRT6LOON7w",
  "expires_in": 900,
  "scope": "d1-api:account:full d1-api:consumer:read",
  "token_type": "Bearer"
}

PreviousInbound API (to D1)NextConsumer API

Last updated 5 months ago

Was this helpful?