Creates and provides a new access token. This method results in an access token with which the requesting party can gain access to a service at the providing party. The format of an access token is not defined by this specification. It is left to the server, and the token should be opaque to a requesting party.

DSGO.Basis: Parties MUST support a POST call to a /token endpoint to create a new access token

...

In OAuth 2.0, clients are typically “pre-registered” by the server. In the DSGO this is not desirable, as data can be shared with previously unknown clients. Therefore, client identification and authentication are performed via a check by the DSGO Trust Framework Authority, using the Trust Framework catalog. For more details see the Access Token flow.

DSGO.Basis: Parties MUST NOT pre-register clients

...

DSGO.Basis: Parties MUST validate that a POST request to a /token endpoint contains the HTTP headers as described in the table below

...

For information about the parameters that are common to the trust framework’s APIs, see Generic API Requirements.

DSGO.Basis: Parties MUST validate that a POST request to a /token endpoint contains the parameters as described in the table below

DSGO.Basis: Parties MUST validate the client credentials in the client_assertion received in a POST to a /token endpoint, by comparing the client_id to the iss and sub claim in the client_assertion and the subject_name of the QSEAL used to sign the client_assertion

| Parameters | Description |
| --- | --- |
| grant_type (Required) | as the OAuth 2.0 grant type. MUST be equal to client_credentials. |
| scope (Required) | as the OAuth 2.0 scope. MUST contain the value dsgo ishare to indicate usage within the DSGO, in alignment with iSHARE (v2.0). |
| client_id (Required) | as the OAuth 2.0 JWT bearer profile, specified in RFC7523. MUST contain a valid Organisation ID of the data service consumer, containing an EORI or KvK number. Used in DSGO for client identification. |
| client_assertion_type (Required) | as the OAuth 2.0 JWT bearer profile, specified in RFC7523. MUST be equal to urn:ietf:params:oauth:client-assertion-type:jwt-bearer. |
| client_assertion (Required) | as the OAuth 2.0 JWT bearer profile, specified in RFC7523. MUST contain a signed JWT (Authentication JWT or Onweerlegbaarheid JWT). Used in DSGO for authentication of the client. |
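
The request checks above, sketched as a server-side validator. This is an added example, not code from the DSGO specification. It assumes the signature and QSEAL certificate chain of the client_assertion have already been verified, that the certificate's subject_name is passed in as a plain string (cert_subject_name) and compared for equality with client_id, and it checks scope for presence only. All function names and the sample identifiers are hypothetical.

```python
import base64
import json

REQUIRED = ("grant_type", "scope", "client_id",
            "client_assertion_type", "client_assertion")
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sample_assertion(iss: str, sub: str) -> str:
    # Constructed sample JWT; the signature segment is a placeholder.
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": iss, "sub": sub}).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"


def unverified_claims(jwt: str) -> dict:
    # Assumption: the signature and QSEAL certificate chain were already
    # verified with a JWT library; this only reads the payload.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def validate_token_request(form: dict, cert_subject_name: str) -> list:
    """Return the list of violations; empty means the request passes."""
    errors = [f"missing parameter: {p}" for p in REQUIRED if not form.get(p)]
    if errors:
        return errors
    if form["grant_type"] != "client_credentials":
        errors.append("grant_type must be client_credentials")
    if form["client_assertion_type"] != JWT_BEARER:
        errors.append("client_assertion_type must be the jwt-bearer URN")
    try:
        claims = unverified_claims(form["client_assertion"])
    except ValueError as exc:
        return errors + [f"malformed client_assertion: {exc}"]
    bound = {"iss": claims.get("iss"), "sub": claims.get("sub"),
             "QSEAL subject_name": cert_subject_name}
    errors += [f"client_id does not match {k}"
               for k, v in bound.items() if v != form["client_id"]]
    return errors
```

A non-empty result should lead to the failed-request response rather than token issuance; each of the three identity bindings is reported separately so a mismatch can be logged precisely.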

...

For information about the parameters that are common to the trust framework’s APIs, see Generic API Requirements.

200 OK

When a valid request is sent, an OK result should be returned and an access token is sent.

...

DSGO.Basis: Parties MUST include the HTTP headers as described in the table below in a response to a POST request to a /token endpoint

...

DSGO.Basis: Parties MUST include an access token as described in the table below in the HTTP payload in a response to a successful POST request to a /token endpoint

DSGO.Basis: Parties MUST NOT issue refresh tokens

...

DSGO.Basis: Parties MUST include the parameters as described in the table below in the HTTP payload in a response to a failed POST request to a /token endpoint

...