POST /auth/token
Request Information
As defined in the OAuth 2.0 protocol, the token request needs to be formatted as application/x-www-form-urlencoded.
Resource Description
Name | Description | Type | Additional information |
---|---|---|---|
client_id |
The unique identifier assigned to your application. |
string |
Required. Use HTTP Basic Authentication as stated in the Note section below. |
client_secret |
The password for your application. |
string |
Required. Use HTTP Basic Authentication as stated in the Note section below. |
subject_token |
The IDP's access token of the calling user. |
string |
Required. To validate and exchange with unity access token. |
subject_token_type |
Specifies the type of the subject token. |
string |
Required. Only JWT tokens are processed. |
grant_type |
MUST be set to "token_exchange". |
string |
Required |
scope |
Specifies the set of operations the requested access token should be permitted to use. When requesting multiple scopes, the value must be expressed as a list of space-delimited API scopes. |
string |
Required. See Service Extensions and Scopes for further details. |
Note
It is recommended to use the HTTP Basic Authentication scheme (as defined in RFC 2617) for client authentication. Only clients unable to directly utilize the HTTP Basic Authentication should send "client_id" and "client_secret" in the request body. In order for a client to use HTTP Basic Authentication, the following steps need to be performed:
- Concatenate "client_id" and "client_secret" with a colon in between: {client_id}:{client_secret}
- Base64-encode the concatenated string.
- Add the following Authorization header to the request: Basic {Base64-encoded-string}
Request Format (with HTTP Basic Authentication)
POST /auth/token HTTP/1.1 Authorization: Basic bXlUZXN0QXBwOm15U2VjcmV0 Content-Type: application/x-www-form-urlencoded subject_token=eyJraWQiOiIyMTMwODI2ODkyNDIzMzgyOTExNDM1NjMxOTkwMzI0ODM3ODY1NzgzNzIwMDI0Mj&subject_token_type=jwt&grant_type=token_exchange&scope=SecureCloud.Usage
Request Format (with "client_id" and "client_secret" in request body)
POST /auth/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded client_id=myTestApp&client_secret=mySecret&subject_token=eyJraWQiOiIyMTMwODI2ODkyNDIzMzgyOTExNDM1NjMxOTkwMzI0ODM3ODY1NzgzNzIwMDI0Mj&subject_token_type=jwt&grant_type=token_exchange&scope=SecureCloud.Usage
Response Information
As defined in the OAuth 2.0 protocol, the token response is formatted as JSON.
Resource Description
Name | Description | Type | Additional information |
---|---|---|---|
access_token |
The access token used to send authenticated requests to the Unity API. |
string |
Required |
token_type |
Identifies the type of token. This field is always set to "bearer". |
string |
Required |
expires_in |
The lifetime of the access token in seconds. |
number |
Required |
refresh_token |
The refresh token used for refreshing (obtaining a new) access token. |
string |
Required |
scope |
The set of operations the issued access token is permitted to request. |
string |
Required |
Response Format
{ "access_token": "h9uAtymEyHDKRZex-CAdGGm7ckdv68vcsJtRNikQBKQKahPAVih2UHA0Kh8YxqjcK9WjKo8pQSXLT2KzBkL1yRzmvgzT3I3YOVl9vgHGjnZ3oGY87BJOb5SFYVx PcUU33jPV--crrvi8BuSfBa3SptRhCzF1xDKTayQrTmg-zyliKofR2FvyrBUgS0SYt8RdOnOwcczhA_AaOBUgDCKTbgRTAs8Jnh7seBrbNMN4SWHbsLn1pMOE0bkoYz-mZhc8dqoJ_q 85yHmV8hLj00DE1DthL5SD0Ji79yCcLNOVDFdIU8Fm5WeQG-WtbptWrwkNyJDCBuvKtb3Iw2Ss3Qw1N0CQiLre0BgwbyTS0L7bKmd1MZDQ", "token_type": "bearer", "expires_in": 299, "refresh_token": "342187561f1943309d459ae2de05ecef", "scope": "[\"SecureCloud.Usage\"]" }