Token Endpoint

Token Endpoint

curl --request POST \
  --url https://api.bkey.id/oauth/token \
  --header 'Authorization: Bearer <token>'

{
  "access_token": "<string>",
  "token_type": "Bearer",
  "expires_in": 123,
  "scope": "<string>",
  "refresh_token": "<string>",
  "id_token": "<string>"
}

POST

oauth

token

Token Endpoint

curl --request POST \
  --url https://api.bkey.id/oauth/token \
  --header 'Authorization: Bearer <token>'

{
  "access_token": "<string>",
  "token_type": "Bearer",
  "expires_in": 123,
  "scope": "<string>",
  "refresh_token": "<string>",
  "id_token": "<string>"
}

Authorizations

Authorization

string

header

required

EdDSA-signed JWT obtained via OAuth 2.1 client_credentials or CIBA

Response

Default Response

access_token

string

required

EdDSA-signed JWT

token_type

enum<string>

required

Available options:

Bearer

expires_in

integer

required

Token lifetime in seconds

scope

string

Space-separated list of granted scopes

refresh_token

string

id_token

string

OIDC ID token (if openid scope was granted)

Get JWKS CIBA Backchannel Authorize

⌘I

Overview

OAuth 2.1 & OIDC

Vault

Checkout

Payments

Authorizations

Response