Authorization Code (OAuth 2.0)

The authorization code is a JWT and granted at the OAuth 2.0 authorize endpoint to exchange for tokens at the OAuth 2.0 token endpoint. It plays an internal role and can't be configured.

An example authorization code token below:

{
  "https://api.quasr.io/claims/typ": "oauth2:code",
  "https://api.quasr.io/claims/max": 1973910487, // max validity
  "https://api.quasr.io/claims/use": 1, // one-time use
  "https://api.quasr.io/claims/ccv": "A-BF0_Ev_r9fLi_CpPGB0qUmdnEtkyF3gi3K8IHm0ak", // code challenge (PKCE)
  "https://api.quasr.io/claims/ccm": "S256", // code challenge method (PKCE)
  "scope": "openid", // approved scopes
  "client_id": "abe5ffb6-2f03-492d-8424-184e28685b13", // holder ID
  "sub": "ffd99cbb-f322-4dcf-8c64-48cc26c55c61", // account ID
  "jti": "e258d521-52da-4899-adea-ee5739fa643b", // token ID
  "aud": "https://api.quasr.io",
  "iss": "https://b62a482d-7365-4ae9-85a5-1453b3b0d5b6.api.quasr.io", // tenant ID
  "iat": 1642419895, // issued at
  "nbf": 1642419895, // not before
  "exp": 1642420195 // expires at
}

PreviousConsent Token NextHosted Login Page

Last updated 2 years ago