Authorization code
For the authorization code flow, calling the token endpoint is the second step of the flow. HTTP POST is used for the token endpoint.
Example: http://127.0.0.1:8080/oidc/tenant1/token-endpoint
Request parameters
These parameters must be posted as a part of the URL-encoded form values.
code
The value that was returned from the authorization endpoint.
client_id
Identifies the client and must match the value configured in FortifiedID Integrity.
client_secret
Authenticates the client and must match the value configured in FortifiedID Integrity.
grant_type
Supported value is authorization_code.
redirect_uri
Specifies the redirect location. It must match the value configured in FortifiedID Integrity.
code_verifier
Required if code_challenge was used in the authorization endpoint request.
Client authentication methods
FortifiedID Integrity supports the following methods:
client_secret_basic
Provide 'client_id' and 'client_secret' in the Authorization header (Basic auth).
client_secret_post
Provide 'client_id' and 'client_secret' as parameters in the POST request body.
none
For PKCE use. Provide the 'code_verifier' as a parameter in the POST request body.