Requesting a token
Example URL to redirect user to:
https://cxm.example.com/q/oauth/v2/auth
?client_id=zbueiup9h80s487asgc4s4gss4kww4cwsgk0owk4gc8s4kkg4
&response_type=code
&scope=openid
&redirect_uri=https://myapp/oauth-handler
&state=ABCDEF
Example request for an access token with identity token:
curl -X POST https://cxm.example.com/q/oauth/v2/token \
-F client_id=zbueiup9h80s487asgc4s4gss4kww4cwsgk0owk4gc8s4kkg4 \
-F client_secret=4008txjcmcg0scg04oo8wsko054dg2f8ss4gsog0wgg8wwgw4w \
-F grant_type=authorization_code \
-F code=OWFkNTM3NjY2NDZjODhmYzRhYWU4NTFlN2E1MDk4ZGYxMWZlMjNlNzBjNTU1NWNmYWM4ZmRmNThiMDBhNzNkOA \
-F redirect_uri=https://myapp/oauth-handler \
Example response:
{
"access_token":"YTkxZjgwMWM3M2YxNzgzZjY5MmE2NDA1M2MxODdmZWE2NWZkMzFlYzhmMmM2YzA5NDVlMmFkZjczZThkYTJkMg",
"expires_in":3600,
"token_type":"bearer",
"scope":"openid",
"refresh_token":"MTMwMWU0MDU1NTgzNjM1YzUwYzcwMDc3Zjc2M2U4OTk0ODRlNWY5YjI1NzE0Mjc0MWI2ODQ5NTBmODBiN2Q1OQ"
"id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjoiemJ1ZWl1cDloODBzNDg3YXNnYzRzNGdzczRrd3c0Y3dzZ2swb3drNGdjOHM0a2tnNCIsImlhdCI6MTUwODgzNDE0NiwiZXhwIjoxNTA4ODM4MjMzLCJqdGkiOiI5ZTM1NDkyZi1hOWE5LTQzMWYtOWI4ZC1lZWIxZjgyYzNiMDEifQ.TgNGiEjFBCM-po4_-R_ISEZ8cNc6BsyzE4_S6A_UAz8",
}
You can request additional information about the user by specifying one or more additional scopes:
| scope | value |
|---|---|
| address | The formatted address of the Person record linked to the user (if they have one) |
| The user's email address | |
| email_verified | Whether or not the user has verified their email address |
| family_name | The user's last name |
| given_name | The user's first name |
| name | The user's full name |
| picture | URL to the avatar set by the user |
Before using it, you should verify the token.