Documentation

Token

Exchange authorization codes or refresh tokens for a token set.

POST/api/auth/oauth2/token

Purpose

Issues access tokens (and optionally refresh + ID tokens). Supported grants include authorization_code, refresh_token, and client_credentials when enabled for the client.

Request

Content-Type: application/x-www-form-urlencoded

FieldDescription
grant_typeauthorization_code or refresh_token
codeAuthorization code (code grant)
code_verifierPKCE verifier (code grant)
redirect_uriMust match authorize request
refresh_tokenFor refresh grant
client_id / client_secretYOUR_CLIENT_ID / YOUR_CLIENT_SECRET
resourceOptional audience for JWT access tokens

Response

token.json
{
  "access_token": "...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "...",
  "scope": "openid profile email offline_access",
  "id_token": "..."
}

Example

token.sh
curl -X POST "https://auth.rdnt.live/api/auth/oauth2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=AUTH_CODE" \
  -d "redirect_uri=https://your-app.example/api/auth/callback" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "code_verifier=VERIFIER"