- URL: https://[root]/oauth2/token
Example Usage
https://www.arcgis.com/sharing/rest/oauth2/token
Description
An authorization grant begins with the authorization step; the access token step of that flow is described below. In addition to issuing user access tokens as part of the authorization grant, this endpoint can also be used to refresh access tokens and issue application tokens. The overall OAuth2 authentication flow is described in Authentication.
The type of token issued is based on the grant_type parameter as follows:
- authorization_code
- client_credentials
- exchange_refresh_token
- refresh_token
The required request parameters vary based on the grant_type as specified in the following table:
Grant type | Required parameters |
---|---|
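authorization_code | client_id, grant_type, code, redirect_uri |
client_credentials | client_id, grant_type, client_secret |
exchange_refresh_token | client_id, grant_type, redirect_uri, refresh_token |
refresh_token | client_id, grant_type, refresh_token |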
Request parameters
Parameter | Details |
---|---|
client_id (Required) | The ID of the registered application. This is also referred to as APPID. |
grant_type (Required) | The type of grant requested. The type of token issued is based on the grant_type values as follows: authorization_code, client_credentials, exchange_refresh_token, refresh_token. |
client_secret (Required when grant_type=client_credentials) | The secret of the registered application. This is also referred to as APPSECRET. |
code (Required when grant_type=authorization_code) | The authorization code obtained as a result of the authorization step. |
redirect_uri (Required when grant_type=authorization_code or grant_type=exchange_refresh_token) | The URI specified during the authorization step. The URIs must match; otherwise, authorization will be rejected. |
refresh_token (Required when grant_type=refresh_token or grant_type=exchange_refresh_token) | The refresh_token obtained in response to grant_type=authorization_code. |
code_verifier | The code verifier for the PKCE request that was generated before the authorization request. If the verifier matches the expected value, the server issues an access token. Otherwise, the server responds with the following error: |
Response
{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "expires_in": 1800, // expiration in seconds from now
  "username": "jsmith", // signed-in username
  "ssl": true, // Returned true for ArcGIS Online
  "refresh_token": "GysTpIui-oxWTTIs", // ONLY returned when grant_type=authorization_code or grant_type=exchange_refresh_token
  "refresh_token_expires_in": 604799 // expiration in seconds from now
}
Examples
This endpoint is used for all examples:
https://www.arcgis.com/sharing/rest/oauth2/token
grant_type=authorization_code
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=authorization_code&
redirect_uri=https://app.example.com/cb&
code=KIV31WkDhY6XIWXmWAc6U
PKCE flow
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=authorization_code&
redirect_uri=https://app.example.com/cb&
code=KIV31WkDhY6XIWXmWAc6U&
code_verifier=fasdfads7645fassd33asddfasdf
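The verifier check described for code_verifier, as an added example that is not part of the original page or of ArcGIS's own code. It assumes the S256 challenge method and the 43 to 128 character verifier format from RFC 7636; the function names are hypothetical, and the request values are the sample values from the examples above.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def new_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-character URL-safe verifier."""
    return secrets.token_urlsafe(32)


def is_valid_verifier(verifier: str) -> bool:
    return bool(_VERIFIER_RE.fullmatch(verifier))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verifier_matches(verifier: str, stored_challenge: str) -> bool:
    """Server side: recompute the challenge and compare in constant time."""
    if not is_valid_verifier(verifier):
        return False  # reject malformed or too-short verifiers before hashing
    return hmac.compare_digest(s256_challenge(verifier), stored_challenge)


def token_request_body(client_id, redirect_uri, code, verifier) -> str:
    """Form body for grant_type=authorization_code with PKCE."""
    return urlencode({
        "client_id": client_id,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
    })


if __name__ == "__main__":
    v = new_code_verifier()  # keep this secret until the token request
    print("code_challenge for the authorization request:", s256_challenge(v))
    print(token_request_body("GGjeDjEY6kKEiDmX", "https://app.example.com/cb",
                             "KIV31WkDhY6XIWXmWAc6U", v))
```

The client sends only the challenge in the authorization request and reveals the verifier in the token request, so an intercepted authorization code cannot be redeemed without it.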
grant_type=client_credentials
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=client_credentials&
client_secret=57e2f75cd56346bf9d5654c3338a1250
grant_type=exchange_refresh_token
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=exchange_refresh_token&
redirect_uri=https://app.example.com/cb&
refresh_token=GysTpIui-oxWTTIs
grant_type=refresh_token
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=refresh_token&
refresh_token=GysTpIui-oxWTTIs