Quasr
  • Introduction
    • Welcome to Quasr
    • Concepts
      • Flexible Authentication
      • User-Centric Privacy
      • Modern Development
    • Terminology
    • FAQs
  • Getting Started
    • Sign up with Quasr
    • Setup your tenant
      • Factor Configuration
      • Enrolling additional factors
      • Test with the Sample Client
      • Understanding Scopes & Scores
      • Setting up an API Client (M2M)
    • Connect your app
      • Hosted Login UI
      • Custom Login UI
      • Embedded Login UI
  • Account Administration
    • Introduction
    • Account & Billing
      • Metrics
    • Tenants
    • Usage & Statistics
    • Security
  • Tenant Administration
    • Introduction
    • Dashboard
    • Tenant Settings
    • Your Security
    • Accounts
      • Tenant Admins
    • Factors
      • Factors and Scoring
      • Username (ID)
      • Federation (OAuth2 / OIDC)
        • Apple
        • Facebook
        • GitHub
        • Google
        • LinkedIn
        • Slack
      • Time-based One-time Password (TOTP)
      • One-Time Password (OTP)
      • Password
      • Secret
    • Controls
      • Configuration
      • Permissions
      • Consents
      • Rules
    • Attributes
      • Capturing Claims
      • Sourcing Claims
      • Viewing Claims
      • Searching Claims / Users
      • Sharing Claims
    • Extensions
      • Synchronous
      • Asynchronous
    • Tokens
      • Session Token (OAuth 2.0)
      • Access Token (OAuth 2.0)
      • Refresh Token (OAuth 2.0)
      • ID Token (OIDC 1.0)
      • Consent Token
      • Authorization Code (OAuth 2.0)
    • Hosted Login Page
    • APIs
      • Authentication API
      • Management API (GraphQL)
  • Legal
    • Terms of Service
    • Acceptable Use Policy
    • DPA & Subprocessors
  • More Info
    • Standards
    • Security
      • Vulnerability Disclosure
      • Wall of Recognition
    • Support
    • Status
Powered by GitBook
On this page
  1. Tenant Administration
  2. Tokens

Authorization Code (OAuth 2.0)

The authorization code is a JWT and granted at the OAuth 2.0 authorize endpoint to exchange for tokens at the OAuth 2.0 token endpoint. It plays an internal role and can't be configured.

An example authorization code token below:

{
  "https://api.quasr.io/claims/typ": "oauth2:code",
  "https://api.quasr.io/claims/max": 1973910487, // max validity
  "https://api.quasr.io/claims/use": 1, // one-time use
  "https://api.quasr.io/claims/ccv": "A-BF0_Ev_r9fLi_CpPGB0qUmdnEtkyF3gi3K8IHm0ak", // code challenge (PKCE)
  "https://api.quasr.io/claims/ccm": "S256", // code challenge method (PKCE)
  "scope": "openid", // approved scopes
  "client_id": "abe5ffb6-2f03-492d-8424-184e28685b13", // holder ID
  "sub": "ffd99cbb-f322-4dcf-8c64-48cc26c55c61", // account ID
  "jti": "e258d521-52da-4899-adea-ee5739fa643b", // token ID
  "aud": "https://api.quasr.io",
  "iss": "https://b62a482d-7365-4ae9-85a5-1453b3b0d5b6.api.quasr.io", // tenant ID
  "iat": 1642419895, // issued at
  "nbf": 1642419895, // not before
  "exp": 1642420195 // expires at
}
PreviousConsent TokenNextHosted Login Page

Last updated 1 year ago