Documentation
Token
Exchange authorization codes or refresh tokens for a token set.
POST/api/auth/oauth2/token
Purpose
Issues access tokens (and optionally refresh + ID tokens). Supported grants include authorization_code, refresh_token, and client_credentials when enabled for the client.
Request
Content-Type: application/x-www-form-urlencoded
| Field | Description |
|---|---|
grant_type | authorization_code or refresh_token |
code | Authorization code (code grant) |
code_verifier | PKCE verifier (code grant) |
redirect_uri | Must match authorize request |
refresh_token | For refresh grant |
client_id / client_secret | YOUR_CLIENT_ID / YOUR_CLIENT_SECRET |
resource | Optional audience for JWT access tokens |
Response
token.json
{
"access_token": "...",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "...",
"scope": "openid profile email offline_access",
"id_token": "..."
}Example
token.sh
curl -X POST "https://auth.rdnt.live/api/auth/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code" \
-d "code=AUTH_CODE" \
-d "redirect_uri=https://your-app.example/api/auth/callback" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "code_verifier=VERIFIER"