The token endpoint is used by the client to obtain an access token by presenting its authorization grant. Note that authentication requirements to this endpoint are configured by the application’s tokenEndpointAuthMethod property.

Supported parameters for the token request are:

Property Description
client_id A string that specifies the application’s UUID.
client_secret A string that specifies the the application’s client secret. This property is required only if the application’s tokenEndpointAuthMethod property is set to CLIENT_SECRET_POST.
code_verifier A large random string used in a PKCE authorize request. This string is used to create the code_challenge value passed to the authorization server in the request. The length an character set requirements for the code_verifier string is documented in Section 4.1 of RFC7636.
grant_type A string that specifies the grant type of the token request. Options are authorization_code, implicit, refresh_token, and client_credentials.