-
-
Notifications
You must be signed in to change notification settings - Fork 491
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
29 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| --- | ||
| "@logto/console": minor | ||
| "@logto/core": minor | ||
| "@logto/phrases": minor | ||
| "@logto/schemas": minor | ||
| --- | ||
|
|
||
| Add personal access token (PAT) | ||
|
|
||
| Personal access tokens (PATs) provide a secure way for users to grant access tokens without using their credentials and interactive sign-in. | ||
|
|
||
| You can create a PAT by going to the user's detail page in Console or using the Management API `POST /users/:userId/personal-access-tokens`. | ||
|
|
||
| To use a PAT, call the token exchange endpoint `POST /oidc/token` with the following parameters: | ||
|
|
||
| 1. `grant_type`: REQUIRED. The value of this parameter must be `urn:ietf:params:oauth:grant-type:token-exchange` indicates that a token exchange is being performed. | ||
| 2. `resource`: OPTIONAL. The resource indicator, the same as other token requests. | ||
| 3. `scope`: OPTIONAL. The requested scopes, the same as other token requests. | ||
| 4. `subject_token`: REQUIRED. The user's PAT. | ||
| 5. `subject_token_type`: REQUIRED. The type of the security token provided in the `subject_token` parameter. The value of this parameter must be `urn:logto:token-type:personal_access_token`. | ||
| 6. `client_id`: REQUIRED. The client identifier of the client application that is making the request, the returned access token will contain this client_id claim. | ||
|
|
||
| And the response will be a JSON object with the following properties: | ||
|
|
||
| 1. `access_token`: REQUIRED. The access token of the user, which is the same as other token requests like `authorization_code` or `refresh_token`. | ||
| 2. `issued_token_type`: REQUIRED. The type of the issued token. The value of this parameter must be `urn:ietf:params:oauth:token-type:access_token`. | ||
| 3. `token_type`: REQUIRED. The type of the token. The value of this parameter must be `Bearer`. | ||
| 4. `expires_in`: REQUIRED. The lifetime in seconds of the access token. | ||
| 5. `scope`: OPTIONAL. The scopes of the access token. |