
Identity as a Service: GenerateToken

Last Updated: Jun 10, 2026

Generates an access token for an application in a specified IDaaS instance based on credential information.

Operation description

The following methods are supported: Authorization Code, Device Flow, Refresh Token, Client Credentials, and Password.

1. Authorization Code

Scenario: This is the standard OAuth 2.0 authorization code flow, which is suitable for web applications with frontend interaction. Example call:

POST /v2/{instanceId}/{applicationId}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code={authorization_code}
&redirect_uri={redirect_uri}
&client_id={client_id}
&client_secret={client_secret}

Parameters:

● code: The authorization code obtained from the authorization endpoint.

● redirect_uri: Must be the same as the redirect_uri that was used to obtain the authorization code.

1.1 Authorization Code for public clients

Scenario: This scenario is suitable for applications that cannot securely store a secret, such as single-page applications (SPAs) or native applications. In this flow, a client_secret is not required, but you must use the Proof Key for Code Exchange (PKCE) mechanism. Example call:

POST /v2/{instanceId}/{applicationId}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code={authorization_code}
&redirect_uri={redirect_uri}
&client_id={client_id}
&code_verifier={code_verifier}

Parameters:

● code_verifier: The code verifier for the PKCE mechanism. The client generates it when initiating an authorization request and uses it to derive the `code_challenge`. When exchanging for a token, you must submit this value. It must be identical to the value used to generate the `code_challenge`.

Java example for generating a code_verifier and code_challenge:

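// Requires java.util.Base64 and java.security.SecureRandom; MessageDigest.getInstance throws the checked NoSuchAlgorithmException.
String codeVerifier = Base64.getUrlEncoder().withoutPadding().encodeToString(new SecureRandom().generateSeed(43));
// Hash the verifier's ASCII bytes explicitly so the challenge does not depend on the platform default charset.
String codeChallenge = Base64.getUrlEncoder().withoutPadding().encodeToString(java.security.MessageDigest.getInstance("SHA-256").digest(codeVerifier.getBytes(java.nio.charset.StandardCharsets.US_ASCII)));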

2. Device Flow

Scenario: This scenario is suitable for input-constrained devices, such as TVs and IoT devices. Example call:

POST /v2/{instanceId}/{applicationId}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:device_code
&device_code={device_code}
&client_id={client_id}
&client_secret={client_secret}

To obtain the device code, first call /oauth2/device/code to retrieve the device_code and user_code.

2.1 Device Flow for public clients

Scenario: This scenario is used when interactive logon is not convenient and the client is a public client. Example call:

POST /v2/{instanceId}/{applicationId}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:device_code
&device_code={device_code}
&client_id={client_id}

3. Refresh Token

Scenario: This scenario uses a refresh_token to obtain a new access_token. Example call:

POST /v2/{instanceId}/{applicationId}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&refresh_token={refresh_token}
&client_id={client_id}
&client_secret={client_secret}

4. Client Credentials

Scenario: This scenario is for server-to-server authentication without user involvement. Example call:

POST /v2/{instanceId}/{applicationId}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id={client_id}
&client_secret={client_secret}
&scope={scope}

5. Password

Scenario: This scenario uses traditional username and password authentication. Use this method with caution. Example call:

POST /v2/{instanceId}/{applicationId}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=password
&username={username}
&password={password}
&client_id={client_id}
&scope={scope}


RAM authorization

No authorization for this operation. If you encounter problems when running this operation, contact technical support.

Request syntax

POST /v2/{instanceId}/{applicationId}/oauth2/token HTTP/1.1

Path parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| instanceId | string | Yes | The instance ID. | idaas_ue2jvisn35ea5lmthk267xxxxx |
| applicationId | string | Yes | The application ID. | app_mkv7rgt4d7i4u7zqtzev2mxxxx |

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| client_id | string | No | The client ID. | app_mkv7rgt4d7i4u7zqtzev2mxxxx |
| client_secret | string | No | The client secret. This parameter is required when `grant_type` is `client_credentials` and the `client_secret_post` method is used. | CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx |
| grant_type | string | Yes | The authorization grant type. The following types are supported: `client_credentials` (client credentials grant; requires `client_id` and `client_secret`); `refresh_token` (refresh token grant); `authorization_code` (authorization code grant); `urn:ietf:params:oauth:grant-type:device_code` (device flow); `password` (password grant). | client_credentials |
| code | string | No | The authorization code. This parameter is required when `grant_type` is `authorization_code`. | xxxx |
| username | string | No | The username. This parameter is required for the password grant type. | uesrname_001 |
| password | string | No | The password. This parameter is required for the password grant type. | xxxxxx |
| device_code | string | No | The device code. This parameter is required when `grant_type` is `urn:ietf:params:oauth:grant-type:device_code` (device flow). | xxxx |
| redirect_uri | string | No | The redirect URI. This parameter is required for the authorization code grant type. It must match the redirect URI in the request that obtained the authorization code. | xxx |
| refresh_token | string | No | The refresh token. This parameter is required when `grant_type` is `refresh_token` (refresh token grant). | ATxxx |
| code_verifier | string | No | The code verifier. It is used in the authorization code grant type when PKCE is enabled. | xxx |
| exclusive_tag | string | No | The exclusive tag. | ATxxx |
| scope | string | No | The scope (in OAuth). This parameter is optional. Multiple values are supported; separate them with spaces. Valid values: openid, email, phone, profile. | xxxx |

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| | object | The response. | |
| token_type | string | The token type. Valid values: Basic (Basic type), Bearer (Bearer type). | Bearer |
| access_token | string | The access token. | ATxxx |
| refresh_token | string | The refresh token. | RTxxx |
| expires_in | integer | The validity period of the token in seconds. | 1200 |
| expires_at | integer | The expiration time. The value is a UNIX timestamp in seconds. | 1653288641 |
| id_token | string | The ID token. | xxxxx |

Examples

Success response

JSON format

{
  "token_type": "Bearer",
  "access_token": "ATxxx",
  "refresh_token": "RTxxx",
  "expires_in": 1200,
  "expires_at": 1653288641,
  "id_token": "xxxxx"
}

Error codes

See Error Codes for the full list.

Release notes

See Release Notes for the full list.