Version 5.x has been out of support since December 13, 2022, and this corresponding section of the documentation is no longer maintained. We strongly recommend upgrading to a supported version.
The token endpoint can be used to programmatically request tokens.
Duende IdentityServer supports a subset of the OpenID Connect and OAuth 2.0 token request parameters. For a full list, see here.
client_id
client identifier; not necessary in body if it is present in the authorization header
grant_type
authorization_code
client_credentials
password
refresh_token
urn:ietf:params:oauth:grant-type:device_code
extension grant
client_secret
client secret for confidential/credentials clients - either in the post body, or as a basic authentication header.
scope
one or more registered scopes. If not specified, a token for all explicitly allowed scopes will be issued.
redirect_uri
required for the authorization_code grant type
code
the authorization code (required for authorization_code grant type)
code_verifier
PKCE proof key
username
resource owner username (required for password grant type)
password
resource owner password (required for password grant type)
acr_values
allows passing in additional authentication related information. Duende IdentityServer special cases the following proprietary acr_values
tenant:name_of_tenant
can be used to pass a tenant name to the token endpoint
refresh_token
the refresh token (required for refresh_token grant type)
device_code
the device code (required for urn:ietf:params:oauth:grant-type:device_code grant type)
POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded
client_id=client1&
client_secret=secret&
grant_type=authorization_code&
code=hdh922&
redirect_uri=https://myapp.com/callback
You can use the IdentityModel client library to programmatically interact with the protocol endpoint from .NET code.
using IdentityModel.Client;
var client = new HttpClient();
var response = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = TokenEndpoint,
ClientId = "client",
ClientSecret = "secret",
Code = "...",
CodeVerifier = "...",
RedirectUri = "https://app.com/callback"
});