Now that you have an Authorization Code, you must exchange it for tokens. Using the extracted Authorization Code (code) from the previous step, you will need to POST to the token URL:
curl --request POST \
--url https://auth.unless.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"YOUR_CLIENT_ID","client_secret":"YOUR_CLIENT_SECRET","audience":"https://auth-api.unless.com","grant_type":"authorization_code","redirect_uri":"YOUR_REDIRECT_URL","code":"YOUR_CODE"}'
| Parameter | Description |
|---|---|
| client_id | Your client ID. |
| client_secret | Your client secret. |
| audience | This should be set to 'https://auth-api.unless.com'. |
| grant_type | This should be set to 'authorization_code'. |
| redirect_uri | This should be the same 'redirect_uri' used in the Authorize user step. |
| code | The code obtained in the previous Authorize user step. |
If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, refresh_token, and token_type values:
{
"access_token": "eyJz93a...k4laUWw",
"refresh_token": "GEbRxBN...edjnXbL",
"token_type": "Bearer",
"expires_in": 86400
}