GenerateToken - Identity as a Service - Alibaba Cloud Documentation Center

Generates a token for accessing an application in an instance.

Operation description

Note

The following authorization types are supported: authorization code, device code, refresh token, and client credentials.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request syntax

POST /v2/{instanceId}/{applicationId}/oauth2/token

Request parameters

Parameter	Type	Required	Description	Example
instanceId	string	Yes	The instance ID.	idaas_ue2jvisn35ea5lmthk267xxxxx
applicationId	string	Yes	The application ID.	app_mkv7rgt4d7i4u7zqtzev2mxxxx
client_id	string	No	The client ID.	app_mkv7rgt4d7i4u7zqtzev2mxxxx
client_secret	string	No	The client secret. This parameter is required if grant_type is set to client_credentials.	CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx
grant_type	string	Yes	The authorization type. Valid values: authorization_code urn:ietf:params:oauth:grant-type:device_code refresh_token client_credentials: You must specify the client_id and client_secret parameters. password: This option is not supported.	client_credentials
code	string	No	The authorization code. This parameter is required if grant_type is set to authorization_code.	xxxx
username	string	No	The username. This parameter is required if grant_type is set to password. The password authentication type is not supported.	uesrname_001
password	string	No	The username. This parameter is required if grant_type is set to password. The password authentication type is not supported.	xxxxxx
device_code	string	No	The device code. This parameter is required if grant_type is set to authorization_code.urn:ietf:params:oauth:grant-type:device_code.	xxxx
redirect_uri	string	No	The redirect URI. This parameter is required if grant_type is set to authorization_code. The value of this parameter must be the same as the redirect URI in the request to obtain the authorization code.	xxx
refresh_token	string	No	The refreshed token. This parameter is required if grant_type is set to refresh_token.	ATxxx
code_verifier	string	No	The verification code.	xxx
exclusive_tag	string	No	The excluded tags.	ATxxx
scope	string	No	The authorization scope. Valid values: openid email phone profile	xxxx

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
token_type	string	The type of the token. Valid values: Basic Bearer	Bearer
access_token	string	The access token.	ATxxx
refresh_token	string	The refresh token.	RTxxx
expires_in	long	The remaining validity period of the token. Unit: seconds.	1200
expires_at	long	The time when the token expires. This value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.	1653288641
id_token	string	The ID token.	xxxxx

Examples

Sample success responses

JSONformat

{
  "token_type": "Bearer",
  "access_token": "ATxxx",
  "refresh_token": "RTxxx",
  "expires_in": 1200,
  "expires_at": 1653288641,
  "id_token": "xxxxx"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2023-10-24	The internal configuration of the API is changed, but the call is not affected	View Change Details
2023-04-04	The internal configuration of the API is changed, but the call is not affected	View Change Details