Now that you have an Authorization Code, you must exchange it for tokens. Using the extracted Authorization Code (code) from the previous step, you will need to POST to the token URL:

curl --request POST \
  --url https://auth.unless.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"YOUR_CLIENT_ID","client_secret":"YOUR_CLIENT_SECRET","audience":"https://auth-api.unless.com","grant_type":"authorization_code","redirect_uri":"YOUR_REDIRECT_URL","code":"YOUR_CODE"}'

| Parameter | Description |
| --- | --- |
| client_id | Your client ID. |
| client_secret | Your client secret. |
| audience | This should be set to 'https://auth-api.unless.com'. |
| grant_type | This should be set to 'authorization_code'. |
| redirect_uri | This should be the same 'redirect_uri' used in the Authorize user step. |
| code | The code obtained in the previous Authorize user step. |

If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, refresh_token, token_type, and expires_in values:

{
  "access_token": "eyJz93a...k4laUWw",
  "refresh_token": "GEbRxBN...edjnXbL",
  "token_type": "Bearer",
  "expires_in": 86400
}
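
The same exchange from server-side code, as an added example that is not part of the original documentation: it keeps the client secret out of source and shell history by reading it from the environment, and checks the response shape before any token is used. The environment variable names (UNLESS_CLIENT_ID, UNLESS_CLIENT_SECRET), the function names and the derived expires_at field are assumptions made for this example.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://auth.unless.com/oauth/token"  # token URL from this page
AUDIENCE = "https://auth-api.unless.com"           # audience from this page
REQUIRED = ("access_token", "refresh_token", "token_type", "expires_in")


def build_token_request(code, redirect_uri, env=os.environ):
    """Build the JSON body; credentials come from the environment
    (variable names are assumed for this example)."""
    return json.dumps({
        "client_id": env["UNLESS_CLIENT_ID"],
        "client_secret": env["UNLESS_CLIENT_SECRET"],
        "audience": AUDIENCE,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,  # same value as in the Authorize user step
        "code": code,
    }).encode("utf-8")


def parse_token_response(raw, now=None):
    """Validate the payload shape before a token is stored or used."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    missing = [k for k in REQUIRED if k not in data]
    if missing:
        raise ValueError(f"token response missing fields: {missing}")
    if str(data["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not isinstance(data["expires_in"], int) or data["expires_in"] <= 0:
        raise ValueError("invalid expires_in")
    now = time.time() if now is None else now
    data["expires_at"] = now + data["expires_in"]  # absolute expiry (added field)
    return data


def exchange_code(code, redirect_uri):
    """POST the code to the token URL and return the validated tokens."""
    req = urllib.request.Request(
        TOKEN_URL,
        data=build_token_request(code, redirect_uri),
        headers={"content-type": "application/json"},
        method="POST",
    )
    # urlopen raises HTTPError on a non-2xx status, so only a 200 is parsed.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

Call exchange_code(code, redirect_uri) once per Authorization Code, and keep the returned tokens out of logs and error messages.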