--- swagger: "2.0" info: x-ibm-name: apifactory-oauth-provider title: APIFactory OAuth Provider version: 1.0.0 description: "" schemes: - https basePath: /api/v1/oauth securityDefinitions: Basic Authentication: type: basic description: Username is the application's client_id, and password is the client_secret paths: /token: post: consumes: - application/x-www-form-urlencoded produces: - application/json summary: Request Access Tokens description: | This endpoint allows requesting an access token following one of the flows below: - Authorization Code (exchange code for access token) - Client Credentials (2-legged, there isnt resource owner information) - Resource Owner Password Credentials (2-legged, client provides resource owner name and password) - Refresh Token (exchange refresh token for a new access code) The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type. Client authentication: - Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter. - Public clients should send their client_id as formData parameter. | grant_type | code | client_credentials | password | refresh_token | |----------------------|------------|--------------------|-------------|---------------| | client_id | required* | required* | required* | required* | | client_secret | required* | required* | required* | required* | | code | required | | | | | redirect_uri | required | | | | | username | | | required | | | password | | | required | | | scope | | optional | optional | | | refresh_token | | | | required | The implicit grant requests, see /oauth2/authorize. security: [] parameters: - name: grant_type in: formData description: Type of grant type: string required: true enum: - authorization_code - password - client_credentials - refresh_token - name: client_id in: formData description: Application client ID, can be provided in formData or using HTTP Basic Authentication required: false type: string - name: client_secret in: formData description: Application secret, must be provided in formData or using HTTP Basic Authentication required: false type: string - name: code in: formData description: Authorization code provided by the /oauth2/authorize endpoint required: false type: string - name: redirect_uri in: formData description: required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical. required: false type: string - name: username in: formData type: string description: Resource owner username required: false - name: password in: formData type: string description: Resource owner password required: false - name: scope in: formData type: string description: Scope being requested required: false - name: refresh_token in: formData type: string description: The refresh token that the client wants to exchange for a new access token (refresh_token grant_type) required: false responses: 200: description: json document containing token, etc. schema: $ref: '#/definitions/access_token_response' 400: description: json document that may contain additional details about the failure x-ibm-configuration: testable: true enforced: true phase: realized type: oauth definitions: access_token_response: type: object additionalProperties: false required: - token_type - access_token - expires_in properties: token_type: enum: - bearer access_token: type: string expires_in: type: integer scope: type: string refresh_token: type: string security: - Basic Authentication: [] x-ibm-endpoints: - endpointUrl: https://sandbox.externalapib2b.wlb.nam.nsroot.net:7101/mx-gcgapi-uat/sandbox2 type: - production - development ...