Token Endpoint

The endpoint for requesting access tokens by each client (in exchange for an authorization grant, e.g. code or refresh token)

Request

POST https://.../oauth/token

Header Attributes:

  • Authorization: credentials of the client identified by the client_id. Basic scheme to be used, where the value is a Base64 encoded string consisting of: {client_id}:{client_secret}
  • Content-Type: application/x-www-form-urlencoded

Body Parameters (note that parameters sent as query parameters are not accepted by the OA2 server):

  • grant_type: Used grant type, e.g. authorization_code
  • client_id: A unique identification of the client application (package key), which is assigned during application registration. The value must be equal to the one provided in the authorization request.
  • redirect_uri: A URI that will be called after the authentication and the authorization steps are done. The value must be equal to the one provided in the authorization request.
  • code: The authorization code as received from the Authorization Endpoint.
  • code_verifier:

Note: The "userLang" used to call the backend systems is taken from out of the client "Accept-Language"-Header.

Responses

Code Description Content-Type Schema
200 The OAuth2 server accepted the request and generated an Access Token (and possibly a Refresh Token). application/json Token Response
other
The OAuth2 server rejected the request and generated an Error Response. application/json Error Response

Token Response

Field Description
access_token The access token to be used for further backend calls
token_type The token type e.g. bearer
refresh_token The refresh token to refresh the sessions
expires_in The time until the access_token expires (in seconds)
scope The scopes the access_token can be used for

Error Response (Example)

Code snippet: Json
{
  "error_description": "The grant type is not supported for the given client_id.",
  "error": "unsupported_grant_type"
}
Field Description
error_description

The description what the reason of the error was

error The error code e.g. unsupported_grant_type
Error Description
unsupported_grant_type If the grant type is not support for a client id
service_unavailable If the maintenance mode is active
invalid_request If parameter has not been applied correctly
invalid_grant If an error occurred during the mashery call
invalid_client If an error occurred during the mashery call

Example

Request

Code snippet: Example request
POST https://oauth-test.lufthansa.com/oauth/token?grant_type=authorization_code
  &code=f3cmqdkrukzwkd8vbsr4zcjd
  &redirect_uri=myApp://callback/
  &client_id=asdfasdfasdfasdf
  &code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

Response

Code snippet: Example response
{
  "access_token": "adsfasdfaddsfnbwert345124",
  "token_type": "bearer",
  "refresh_token": "1324jrasv0q143k5rjasd09q4",
  "expires_in": 3599,
  "scope": "https://cms.fra.dlh.de/publicCrewApi"
}