TokenRequest

  • grant_type
    enum
    const:  
    client_credentials
    required
    values
    • client_credentials
  • authorization_details
    Type: string

    RFC 9396 Rich Authorization Requests (subset). URL-encoded JSON array of typed objects. Supported type: "org_scope" with "locations" containing org UUIDs to narrow the token's org scope. The value must be URL-encoded in the form body. Decoded example: [{"type":"org_scope","locations":["org-uuid-1","org-uuid-2"]}]. The token's custom:orgRoles claim will contain only the requested orgs (must be a subset of the client's allowed orgs).

  • scope
    Type: string

    Space-separated list of scopes