mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
29 lines
1.8 KiB
Markdown
29 lines
1.8 KiB
Markdown
---
|
|
"@logto/console": minor
|
|
"@logto/core": minor
|
|
"@logto/phrases": minor
|
|
"@logto/schemas": minor
|
|
---
|
|
|
|
Add personal access token (PAT)
|
|
|
|
Personal access tokens (PATs) provide a secure way for users to grant access tokens without using their credentials and interactive sign-in.
|
|
|
|
You can create a PAT by going to the user's detail page in Console or using the Management API `POST /users/:userId/personal-access-tokens`.
|
|
|
|
To use a PAT, call the token exchange endpoint `POST /oidc/token` with the following parameters:
|
|
|
|
1. `grant_type`: REQUIRED. The value of this parameter must be `urn:ietf:params:oauth:grant-type:token-exchange` indicates that a token exchange is being performed.
|
|
2. `resource`: OPTIONAL. The resource indicator, the same as other token requests.
|
|
3. `scope`: OPTIONAL. The requested scopes, the same as other token requests.
|
|
4. `subject_token`: REQUIRED. The user's PAT.
|
|
5. `subject_token_type`: REQUIRED. The type of the security token provided in the `subject_token` parameter. The value of this parameter must be `urn:logto:token-type:personal_access_token`.
|
|
6. `client_id`: REQUIRED. The client identifier of the client application that is making the request, the returned access token will contain this client_id claim.
|
|
|
|
And the response will be a JSON object with the following properties:
|
|
|
|
1. `access_token`: REQUIRED. The access token of the user, which is the same as other token requests like `authorization_code` or `refresh_token`.
|
|
2. `issued_token_type`: REQUIRED. The type of the issued token. The value of this parameter must be `urn:ietf:params:oauth:token-type:access_token`.
|
|
3. `token_type`: REQUIRED. The type of the token. The value of this parameter must be `Bearer`.
|
|
4. `expires_in`: REQUIRED. The lifetime in seconds of the access token.
|
|
5. `scope`: OPTIONAL. The scopes of the access token.
|