Getting or Refreshing a token

POST /auth/v1/token

1. Refresh Token Refresh Mechanism

Interface Description

Obtain a new access_token using a valid refresh_token. The original refresh_token will become invalid immediately (compliant with RFC 6749 Section 6).

Request Sample:

  {
    "client_id": "mock_AAU5Pw78ioGQnUP4",
    "grant_type": "refresh_token",
    "refresh_token": "mock_m.yPxK8mLnVrQwEoDzFcHbNtGsYvXpRjWq-3eSd2fA1gU5iI9kO0lP7uJ4mT6nB8yC_1xZ2vD3aQ4wF5eR6tG7hY8jM9kL0oN1iP2uK3lQ4mW5nX6bV7cC8dA9fS0gH1jJ2kL3mN4o"
  }
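
Because each refresh invalidates the previous refresh_token, a client that refreshes concurrently or fails to store the rotated token locks itself out. The following is an added example, not CloudBase's own code: it serializes refreshes and keeps the rotated token. The `post` transport, the `FakeTokenServer` stand-in and the `invalid_grant` error name are assumptions, and all token values are constructed.

```python
import secrets, threading, time

TOKEN_PATH = "/auth/v1/token"  # endpoint documented on this page

class RotatingTokenClient:
    """Holds one access_token/refresh_token pair and rotates it safely."""
    def __init__(self, post, client_id, device_id, refresh_token, skew=60):
        self._post = post              # assumed transport: post(path, headers, body) -> dict
        self._client_id, self._device_id = client_id, device_id
        self._refresh_token = refresh_token
        self._access_token, self._expires_at = None, 0.0
        self._skew = skew              # refresh this many seconds before expiry
        self._lock = threading.Lock()  # one refresh at a time: the old token dies on use

    def access_token(self):
        with self._lock:
            expired = time.monotonic() >= self._expires_at - self._skew
            if self._access_token is None or expired:
                resp = self._post(TOKEN_PATH, {"x-device-id": self._device_id}, {
                    "client_id": self._client_id,
                    "grant_type": "refresh_token",
                    "refresh_token": self._refresh_token,
                })
                # Keep the rotated refresh_token first; the one just sent is now invalid.
                self._refresh_token = resp["refresh_token"]
                self._access_token = resp["access_token"]
                self._expires_at = time.monotonic() + resp["expires_in"]
            return self._access_token

class FakeTokenServer:
    """Constructed stand-in for the endpoint: every refresh_token works exactly once."""
    def __init__(self, first_refresh_token, expires_in=3600):
        self.valid, self.expires_in, self.calls = first_refresh_token, expires_in, 0

    def post(self, path, headers, body):
        self.calls += 1
        if path != TOKEN_PATH or "x-device-id" not in headers:
            raise ValueError("bad request")
        if body.get("grant_type") != "refresh_token" or body.get("refresh_token") != self.valid:
            raise PermissionError("invalid_grant")  # assumed error name (RFC 6749 style)
        self.valid = "mock_rt_" + secrets.token_hex(8)  # previous token invalidated here
        return {"token_type": "Bearer", "access_token": "mock_at_" + secrets.token_hex(8),
                "refresh_token": self.valid, "expires_in": self.expires_in}
```

In a real client the rotated refresh_token should also be written to durable secure storage inside the same locked section, so a crash after the response does not leave only the invalidated token on disk.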

2. Password Mode Authentication

Interface Description

Obtain an access_token using the Resource Owner Password Credentials Grant (RFC 6749 Section 4.3).

Request Sample:

  {
    "client_id": "mock_AAU5Pw78ioGQnUP4",
    "grant_type": "password",
    "username": "mock_user001",
    "password": "mock_password@123"
  }

3. Client Credentials Grant

Interface Description

Obtain a server-side access_token using the Client Credentials Grant (RFC 6749 Section 4.4).

Authentication Method

  Add request header:

  Authorization: Basic ${base64(SecretId:SecretKey)}

Request Sample:

  {
    "client_id": "mock_AAU5Pw78ioGQnUP4",
    "grant_type": "client_credentials"
  }

Key Features

  • Does not return a refresh_token
  • Automatically grants super administrator permissions
  • Requires a SecretId/SecretKey obtained via Tencent Cloud CAM

Security Specifications:

  • SecretKey must be stored in a secure storage medium
  • The caller must possess a server-side trusted environment

Request

Query Parameters

    client_id string

    The client ID corresponding to the application, which defaults to the environment ID and can be omitted

Header Parameters

    x-device-id string, required

    Device ID

Body

    grant_type Authorization method for obtaining a token (string, nullable)
    code Used when grant_type is authorization_code (string)
    refresh_token Used when refreshing a token with refresh_token (string)
    username Used when grant_type is password (string)
    password Used when grant_type is password (string)
    scope Scope, optional (string)
    nonce Random string, optional (string)
    code_verifier PKCE: code_verifier (string)
    device_code Device Code Flow https://tools.ietf.org/html/rfc8628 (string)

Responses

A successful response.

Response Headers
    Schema
      token_type Access Token Type (string)

      Always returns Bearer

      access_token User's Access Token (string)

      Token used to access the Cloud Development HTTP API, with a maximum length of 4096 characters

      refresh_token User's Refresh Token (string)

      When the access_token expires, it can be refreshed using the refresh_token to obtain a new access_token. The default expiration time is 31 days. Maximum length is 128 characters

      expires_in int32

      Expiration time of the access_token in seconds

      scope Authorization Scope (string)
      sub User's Unique ID (string)
      groups string[]