POST 
/authorisation/v4/token

Users receive access tokens after they present a valid EBSI Verifiable Credential and prove ownership over their DID.

Request

application/x-www-form-urlencoded

Body

required

grant_type stringrequired

MUST be set to "vp_token"

vp_token stringrequired

Signed Verifiable Presentation. See also the VP Token schema definition.

presentation_submission stringrequired

Descriptor for the vp_token, linked by presentation_definition. See also the Presentation Definition schema.

scope stringrequired

Possible values: [openid didr_write, openid didr_invite, openid tir_write, openid tir_invite]

OIDC scope

Responses

200

Success

application/json

Schema

Schema

access_token ^(([A-Za-z0-9\-_])+\.)([A-Za-z0-9\-_]+)(\.([A-Za-z0-9\-_]+)?$required

The access token issued by the authorization server in JWS format. See also the "Access Token" schema definition

token_type stringrequired

Possible values: [Bearer]

MUST be Bearer

expires_in integer

Possible values: >= 1

The lifetime in seconds of the access token

scope stringrequired

Possible values: [openid did_write, openid tir_write]

The scope of the access token

id_token ^(([A-Za-z0-9\-_])+\.)([A-Za-z0-9\-_]+)(\.([A-Za-z0-9\-_]+)?$required

ID Token value associated with the authenticated session. Presents client's identity. ID Token is issued in a JWS format. See also the "ID Token" schema definition.

Example (from schema)

{
  "access_token": "32164be2809b7e8acdaf",
  "token_type": "Bearer",
  "expires_in": 7200,
  "scope": "openid did_write",
  "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE2NDE1NTI2MDAsInN1YiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCIsImlzcyI6ImRpZDplYnNpOnoyMVNxTUo1M2ZZUzY5VlpSWVRVRURhZyJ9.YIdjUCinbG2DRU0VhFTOPcHK9D0iLcx6zBPmF94phfVOx8IVZwOLMfnEp_9xx87-UNODVCLWNR2UdjUgQyv14A"
}

Token Response

Token Response

{
  "access_token": "jwt",
  "id_token": "jwt",
  "token_type": "Bearer",
  "scope": "openid tir_write",
  "expires_in": 7200
}

400

Bad Request

application/json

Schema

Schema

type uri

Default value: about:blank

An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.

title string

A short summary of the problem type.

status int32

Possible values: >= 400 and <= 600

The HTTP status code generated by the origin server for this occurrence of the problem.

detail string

A human readable explanation specific to this occurrence of the problem.

instance uri

An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.

Example (from schema)

{
  "type": "about:blank",
  "title": "Internal Server Error",
  "status": 500,
  "detail": "Connection timeout",
  "instance": "string"
}

Bad Request

{
  "title": "Bad Request",
  "status": 400,
  "detail": "[\"grant_type must be equal to vp_token\",\"scope should not be null or undefined\",\"vp_token must be a jwt string\",\"presentation_submission must be a non-empty object)\"]",
  "type": "about:blank"
}

500

Internal Server Error

application/problem+json

Schema

Schema

type uri

Default value: about:blank

An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.

title string

A short summary of the problem type.

status int32

Possible values: >= 400 and <= 600

The HTTP status code generated by the origin server for this occurrence of the problem.

detail string

A human readable explanation specific to this occurrence of the problem.

instance uri

An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.

Example (from schema)

{
  "type": "about:blank",
  "title": "Internal Server Error",
  "status": 500,
  "detail": "Connection timeout",
  "instance": "string"
}

Internal Server Error

{
  "title": "Internal error",
  "status": 500,
  "detail": "Internal error"
}

Loading...