Token Endpoint

The token endpoint can be used to programmatically request or refresh tokens (resource owner password credential flow, authorization code flow, client credentials flow and custom grant types).

Supported Parameters

See spec.


All requests to the token endpoint must be authenticated - either pass client id and secret via Basic Authentication or add client_id and client_secret fields to the POST body.

When providing the client_id and client_secret in the Authorization header it is expected to be:

var clientId = "...";
var clientSecret = "...";

var encoding = Encoding.UTF8;
var credentials = string.Format("{0}:{1}", clientId, clientSecret);

var headerValue = Convert.ToBase64String(encoding.GetBytes(credentials));


(Form-encoding removed and line breaks added for readability)

POST /connect/token
Authorization: Basic abcxyz