POST /oauth/ro

The /oauth/ro endpoint is used to authenticate a user via a challange code. The flow is started by calling the /passwordless/start endpoint and then calling the /oauth/ro endpoint with passwordless_token received from /passwordless/start and challenge code entered by the user.

This endpoint is considered a beta feature, and will most likely be transformed into a grant type in /oauth/token. Have that in mind if implementing this.


POST /oauth/ro
Authorization: Basic NGU4NDYz...OmZvb2Jhcg==
Content-Type: application/x-www-form-urlencoded



HTTP/1.1 200 OK
Content-Length: 2534
Content-Type: application/json
Date: Mon, 29 Feb 2016 13:37:00 GMT

    "expires_in": 3600,
    "scope": "openid profile",
    "token_type": "Bearer",
    "access_token": "eyJ0eXAi...LbXBPTs",
    "refresh_token": "eyJ0eXAi...z_r6_wo",
    "id_token": "eyJ0eXAi...G9S_5LQ"

Failure cases

  • 400 Bad Request Malformed request, missing parameter, or unsupported grant type
  • 401 Unauthorized Invalid client credentials

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page


Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.