The token endpoint can be used by the client to make a token exchange request to the PingOne authorization server by presenting its authorization grant, its token, and the token type. For a token exchange operation, the grant_type
must be set to urn:ietf:params:oauth:grant-type:token-exchange
.
The subject_token
property value is the gateway credential returned by the PingOne gateway service. For more information, see Gateway Credentials.
The PingOne authorization server’s token endpoint responds to a successful token exchange request by issuing an access token that allows the requesting client access to PingOne resources.
See OpenID Connect/OAuth 2 and Token for important overview information.
Run Create Gateway Credential to generate a gatewayCredential
. Run Read All Gateway Credentials to find an existing credential.
Property | Type | Required? |
---|---|---|
subject_token_type |
String | Required |
subject_token |
String | Required |
grant_type |
String | Required |
See the OpenID Connect/OAuth2 data model for full property descriptions.