POST /oauth/ro

The /oauth/ro endpoint is used to authenticate a user via a challange code. The flow is started by calling the /passwordless/start endpoint and then calling the /oauth/ro endpoint with passwordless_token received from /passwordless/start and challenge code entered by the user.

This endpoint is considered a beta feature, and will most likely be transformed into a grant type in /oauth/token. Have that in mind if implementing this.

Request

POST /oauth/ro
Authorization: Basic NGU4NDYz...OmZvb2Jhcg==
Content-Type: application/x-www-form-urlencoded

grant_type=passwordless&scope=openid%20profile&passwordless_token=12...bd&code=123456

Response

HTTP/1.1 200 OK
Content-Length: 2534
Content-Type: application/json
Date: Mon, 29 Feb 2016 13:37:00 GMT

{
    "expires_in": 3600,
    "scope": "openid profile",
    "token_type": "Bearer",
    "access_token": "eyJ0eXAi...LbXBPTs",
    "refresh_token": "eyJ0eXAi...z_r6_wo",
    "id_token": "eyJ0eXAi...G9S_5LQ"
}

Failure cases

  • 400 Bad Request Malformed request, missing parameter, or unsupported grant type
  • 401 Unauthorized Invalid client credentials

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.