获取或刷新token

POST 
/auth/v1/token

错误处理：invalid_grant refresh token 不正确或已过期 （退出） internal：系统错误，请请稍后重试 unauthorized_client 客户端秘钥不正确 unsupported_grant_type grant_type 不支持 invalid_scope scope 不支持 invalid_argument：参数错误或用户输入的信息不正确。 invalid_client 客户端不存在 permission_denied 客户端不存在或权限不足 resource_exhausted 用户请求超过频次限制

Request

application/json

Body

required

grant_type string
code grant_type 为 authorization_code 时使用 (string)
refresh_token refresh_token 刷新token时, 使用 (string)
username grant_type 为 password时使用 (string)
password grant_type 为 password时使用 (string)
scope scope，可选 (string)
nonce 随机字符串, 可选 (string)
code_verifier PKCE: code_verifier (string)
device_code Device Code Flow https://tools.ietf.org/html/rfc8628 (string)

Responses

200

A successful response.

application/json

Schema

Schema

token_type string
access_token string
refresh_token string
id_token string
expires_in int32
scope string
sub string
groups string[]
need_weda_resource boolean

Example (from schema)

{
  "token_type": "string",
  "access_token": "string",
  "refresh_token": "string",
  "id_token": "string",
  "expires_in": 0,
  "scope": "string",
  "sub": "string",
  "groups": [
    "string"
  ],
  "need_weda_resource": true
}

401

the oauth2.0 access token is not correct or expired

application/json

Schema

Schema

any

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string
details object[]
Array [
@type string
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL's path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows:
• If no scheme is provided, https is assumed.
• An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error.
• Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)
Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com.
Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.
]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Loading...