Documentation Index
Fetch the complete documentation index at: https://auth0-feat-authentication-api-migration.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
POST /oauth/token
For token-based authentication, use the oauth/token endpoint to get an access token for your application to make authenticated calls to a secure API. Optionally, you can also retrieve an ID Token and a Refresh Token. ID Tokens contains user information in the form of scopes you application can extract to provide a better user experience. Refresh Tokens allow your application to request a new access token once the current token expires without interruping the user experience. To learn more, read ID Tokens and Refresh Tokens.
Note that the only OAuth 2.0 flows that can retrieve a Refresh Token are:
- Authorization Code Flow (Authorization Code)
- Authorization Code Flow with PKCE (Authorization Code with PKCE)
- Resource Owner Password
- Device Authorization Flow
- Token Exchange*
Parameters
A DPoP proof for the request. This is optional and only required if your application uses Demonstrating Proof-of-Possession.
Request Body
Denotes the flow you are using. For Authorization Code, use
authorization_code.Your application’s Client ID.
Your application’s Client Secret.
The Authorization Code received from the initial
/authorize call.This is required only if it was set at the GET /authorize endpoint. The values from
/authorize must match the value you set at /oauth/token.Response
| Status | Description |
|---|---|
| 200 | Successful token retrieval |