Getting or Refreshing a token

POST 
/auth/v1/token

Error handling: invalid_grant refresh token is invalid or has expired (Log out) internal: System error, please try again later unauthorized_client client secret key is incorrect unsupported_grant_type grant_type is not supported invalid_scope scope is not supported invalid_argument: Parameter error or user input information is incorrect invalid_client The client does not exist permission_denied The client does not exist or has insufficient permissions resource_exhausted User requests exceed the frequency limit

Request

application/json

Body

required

grant_type string
code Used when grant_type is authorization_code (string)
refresh_token Used when refreshing token with refresh_token (string)
username Used when grant_type is password (string)
password Used when grant_type is password (string)
scope scope, optional (string)
nonce Random string, optional (string)
code_verifier PKCE: code_verifier (string)
device_code Device Code Flow https://tools.ietf.org/html/rfc8628 (string)

Responses

200

A successful response.

application/json

Schema

Schema

token_type string
access_token string
refresh_token string
id_token string
expires_in int32
scope string
sub string
groups string[]
need_weda_resource boolean

Example (from schema)

{
  "token_type": "string",
  "access_token": "string",
  "refresh_token": "string",
  "id_token": "string",
  "expires_in": 0,
  "scope": "string",
  "sub": "string",
  "groups": [
    "string"
  ],
  "need_weda_resource": true
}

401

the oauth2.0 access token is not correct or expired

application/json

Schema

Schema

any

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string
details object[]
Array [
@type string
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL's path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows:
• If no scheme is provided, https is assumed.
• An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error.
• Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)
Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com.
Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.
]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Loading...