Call examples
Authentication method: client_secret_basic
Request method: POST
Header parameters:
Parameter | Type | Description | Example |
Authorization | String | Basic Base64(clientId:clientSecret): the clientId and clientSecret, Base64-encoded | YXBwX201ZG9vemVzbm81Mmtxxxxxxxxx |
Content-Type | String | Fixed value: application/x-www-form-urlencoded | application/x-www-form-urlencoded |
Request parameters:
Parameter | Type | Description | Example |
grant_type | String | Fixed value: client_credentials | client_credentials |
scope | String | Requests permissions by scope; a String of space-separated entries. Each entry has the format resourceServerIdentifier+"|"+scope. For example, if resourceServerIdentifier is http://www.example.com and scope is read:file, the final value is http://www.example.com|read:file. To obtain all scopes already granted to the current client, use {resourceServerIdentifier}|.all | http://aliyun.com|read:file |
client_id | String | Application ID | |
Request example:
curl --location --request POST 'https://XXXX.aliyunidaas.com/api/v2/iauths_system/oauth2/token' \
--header 'Authorization: xxxxxxx' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=http://www.example.com|read:file'
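Response parameters:
Parameter | Type | Nullable | Description |
access_token | String | No | Token value |
expires_in | Long | No | Time until expiry, in seconds |
expires_at | Long | No | Expiry time, Unix timestamp in seconds |
token_type | String | No | Token type |
Response example: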
{
"token_type": "Bearer",
"access_token": "AT8csE2sepE4TT9j45xFgRGhEDyS3ovfZDF68Ac4aaQ7c4dBpUahD1cYSCFQbsfpM9ysSArv1pTszcGTZEJK11yGA62GKWd4cf33ZVGsgPfLwYDPX2ZRCUpThTaWoxtXCs9zeZzGwxjc5xtasaQMeuE8PuGeHg9SyMzKxJQVv9ubQhoFXjQkoPUotUms4R2M9SBLpWSCaGDf3oiJ5WCuGyMzJdrrdQeLSB7dU9P1iKbjxGWCmwaMLMkUWZBKsAeYi3xjJmpMsuLq3811KAV5bttwi8z8cafuweuNvwdjfZYCYvNbRAt1nB9Bxn9Q99rdpYawU3eH3UvzkvMYoJ5wtnGSsPJ9B7NHBkxxHUG",
"expires_in": 3600,
"expires_at": 1733710213
}
Authentication method: client_secret_post
Request method: POST
Header parameters:
Parameter | Type | Description | Example |
Content-Type | String | Fixed value: application/x-www-form-urlencoded | application/x-www-form-urlencoded |
Request parameters:
Parameter | Type | Description | Example |
grant_type | String | Fixed value: client_credentials | client_credentials |
client_id | String | Application ID | |
client_secret | String | Application secret | |
scope | String | Requests permissions by scope; a String of space-separated entries. Each entry has the format resourceServerIdentifier+"|"+scope. For example, if resourceServerIdentifier is http://www.example.com and scope is read:file, the final value is http://www.example.com|read:file. To obtain all scopes already granted to the current client, use {resourceServerIdentifier}|.all | http://aliyun.com|read:file |
Request example:
curl --location --request POST 'https://XXXX.aliyunidaas.com/api/v2/iauths_system/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=app_m5doozesno52kbqrqpw3XXXX' \
--data-urlencode 'client_secret=CS5v3F4Cy8hyDmFPJtAuyHDTUdR8i88GcgcXXXXX' \
--data-urlencode 'scope=http://www.example.com|read:file'
Response example:
{
"token_type": "Bearer",
"access_token": "AT8csE2sepE4TT9j45xFgRGhEDyS3ovfZDF68Ac4aaQ7c4dBpUahD1cYSCFQbsfpM9ysSArv1pTszcGTZEJK11yGA62GKWd4cf33ZVGsgPfLwYDPX2ZRCUpThTaWoxtXCs9zeZzGwxjc5xtasaQMeuE8PuGeHg9SyMzKxJQVv9ubQhoFXjQkoPUotUms4R2M9SBLpWSCaGDf3oiJ5WCuGyMzJdrrdQeLSB7dU9P1iKbjxGWCmwaMLMkUWZBKsAeYi3xjJmpMsuLq3811KAV5bttwi8z8cafuweuNvwdjfZYCYvNbRAt1nB9Bxn9Q99rdpYawU3eH3UvzkvMYoJ5wtnGSsPJ9B7NHBkxxHUG",
"expires_in": 3600,
"expires_at": 1733710213
}
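The client_secret_basic and client_secret_post requests above differ only in where the credentials travel. This added example (not code from the original page) builds both from one helper, together with the space-separated resourceServerIdentifier|scope string. The function names and sample values are hypothetical.

```python
import base64
from urllib.parse import urlencode


def format_scope(resource_server, scopes):
    """Join entries as 'resourceServerIdentifier|scope', separated by spaces."""
    for part in [resource_server, *scopes]:
        # A space or '|' inside a part would silently change how the string splits.
        if not part or " " in part or "|" in part:
            raise ValueError(f"{part!r} breaks the space/'|' delimited scope format")
    return " ".join(f"{resource_server}|{scope}" for scope in scopes)


def build_token_request(method, client_id, client_secret, resource_server, scopes):
    """Return (headers, form_body) for the token endpoint; hypothetical helper."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials",
            "scope": format_scope(resource_server, scopes)}
    if method == "client_secret_basic":
        # Credentials go in the Authorization header only, never in the body.
        raw = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode()
    elif method == "client_secret_post":
        # Credentials go in the form body; no Authorization header is sent.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported authentication method: {method}")
    # urlencode percent-encodes '|' as %7C and turns the separating space into '+'.
    return headers, urlencode(form)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    hdrs, body = build_token_request(
        "client_secret_basic", "app_example", "CS_example",
        "http://www.example.com", ["read:file", "write:file"])
    print(hdrs)
    print(body)
```

With client_secret_post the secret is part of the request body, so any component that logs form bodies will record it; with client_secret_basic it appears only in the Authorization header.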
Authentication method: client_secret_jwt
Request method: POST
Header parameters:
Parameter | Type | Description | Example |
Content-Type | String | Fixed value: application/x-www-form-urlencoded | application/x-www-form-urlencoded |
Request parameters:
Parameter | Type | Description | Example |
grant_type | String | Fixed value: client_credentials | client_credentials |
client_id | String | Application ID | |
client_assertion_type | String | Client assertion type. Fixed value: urn:ietf:params:oauth:client-assertion-type:jwt-bearer | |
client_assertion | String | Signature issued by the client using client_secret, in JWT format, signed with the HS256 algorithm | |
scope | String | Requests permissions by scope; a String of space-separated entries. Each entry has the format resourceServerIdentifier+"|"+scope. For example, if resourceServerIdentifier is http://www.example.com and scope is read:file, the final value is http://www.example.com|read:file. To obtain all scopes already granted to the current client, use {resourceServerIdentifier}|.all | http://aliyun.com|read:file |
Request example:
curl --request POST \
--url 'https://XXXX.aliyunidaas.com/api/v2/iauths_system/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={{clientId}}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion={{JwtToken}}' \
--data-urlencode 'scope=http://www.example.com|read:file'
Response example:
{
"token_type": "Bearer",
"access_token": "AT8csE2sepE4TT9j45xFgRGhEDyS3ovfZDF68Ac4aaQ7c4dBpUahD1cYSCFQbsfpM9ysSArv1pTszcGTZEJK11yGA62GKWd4cf33ZVGsgPfLwYDPX2ZRCUpThTaWoxtXCs9zeZzGwxjc5xtasaQMeuE8PuGeHg9SyMzKxJQVv9ubQhoFXjQkoPUotUms4R2M9SBLpWSCaGDf3oiJ5WCuGyMzJdrrdQeLSB7dU9P1iKbjxGWCmwaMLMkUWZBKsAeYi3xjJmpMsuLq3811KAV5bttwi8z8cafuweuNvwdjfZYCYvNbRAt1nB9Bxn9Q99rdpYawU3eH3UvzkvMYoJ5wtnGSsPJ9B7NHBkxxHUG",
"expires_in": 3600,
"expires_at": 1733710213
}
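How the {{JwtToken}} value for client_secret_jwt can be produced, as an added example that is not from the original page: it signs an HS256 JWT keyed with client_secret using only the Python standard library, and runs a local check that fails with "expired" in the same situation as the invalid_client_credential error. The claim set (iss, sub, aud, iat, exp, jti) follows RFC 7523 and is an assumption, since the page does not list the claims IDaaS expects; the function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid


def b64url(data):
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_client_assertion(client_id, client_secret, token_url, now=None, ttl=60, jti=None):
    """Build an HS256 JWT keyed with client_secret (claims assumed from RFC 7523)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # Short ttl and a unique jti limit how long a captured assertion stays usable.
    claims = {"iss": client_id, "sub": client_id, "aud": token_url,
              "iat": now, "exp": now + ttl, "jti": jti or uuid.uuid4().hex}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    mac = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def check_client_assertion(token, client_secret, now):
    """Local pre-flight check (not IDaaS's own validation): alg, signature, exp."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(client_secret.encode(), f"{head}.{body}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims
```

The assertion is sent as client_assertion together with client_assertion_type, so the client_secret itself never leaves the client.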
Authentication method: private_key_jwt
Request method: POST
Header parameters:
Parameter | Type | Description | Example |
Content-Type | String | Fixed value: application/x-www-form-urlencoded | application/x-www-form-urlencoded |
Request parameters:
Parameter | Type | Description | Example |
grant_type | String | Fixed value: client_credentials | client_credentials |
client_id | String | Application ID | |
client_assertion_type | String | Client assertion type. Fixed value: urn:ietf:params:oauth:client-assertion-type:jwt-bearer | |
client_assertion | String | Signature issued by the client using its private key, in JWT format, signed with the RS256 algorithm | |
scope | String | Requests permissions by scope; a String of space-separated entries. Each entry has the format resourceServerIdentifier+"|"+scope. For example, if resourceServerIdentifier is http://www.example.com and scope is read:file, the final value is http://www.example.com|read:file. To obtain all scopes already granted to the current client, use {resourceServerIdentifier}|.all | http://aliyun.com|read:file |
Request example:
curl --request POST \
--url 'https://XXXX.aliyunidaas.com/api/v2/iauths_system/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={{clientId}}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion={{JwtToken}}' \
--data-urlencode 'scope=http://www.example.com|read:file'
Response example:
{
"token_type": "Bearer",
"access_token": "AT8csE2sepE4TT9j45xFgRGhEDyS3ovfZDF68Ac4aaQ7c4dBpUahD1cYSCFQbsfpM9ysSArv1pTszcGTZEJK11yGA62GKWd4cf33ZVGsgPfLwYDPX2ZRCUpThTaWoxtXCs9zeZzGwxjc5xtasaQMeuE8PuGeHg9SyMzKxJQVv9ubQhoFXjQkoPUotUms4R2M9SBLpWSCaGDf3oiJ5WCuGyMzJdrrdQeLSB7dU9P1iKbjxGWCmwaMLMkUWZBKsAeYi3xjJmpMsuLq3811KAV5bttwi8z8cafuweuNvwdjfZYCYvNbRAt1nB9Bxn9Q99rdpYawU3eH3UvzkvMYoJ5wtnGSsPJ9B7NHBkxxHUG",
"expires_in": 3600,
"expires_at": 1733710213
}
Error codes
HttpCode | error | Error message | Description |
400 | invalid_request | Require parameter variable: grant_type | The request is missing a required parameter, includes an invalid parameter value, includes duplicate parameters, or is malformed |
400 | authentication_required | Authentication required, allowed authentication methods: [client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt] | The authentication method is incorrect; the supported methods are: client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt |
400 | invalid_client_credential | Invalid client_assertion, reasons(s): [expired] | Invalid client_assertion: the token has expired |
400 | invalid_grant | Invalid or not supported grant_type: authorization_code | Unsupported grant_type |
400 | invalid_scope | Invalid scope: http://www.example.com|read:file | The requested scope is invalid, unknown, or malformed |
500 | internal_error | Unexpected internal error | Internal server error |