POST /oauth/ro
The /oauth/ro endpoint is used to authenticate a user via a challange code. The flow is started by calling the /passwordless/start endpoint and then calling the /oauth/ro endpoint with passwordless_token received from /passwordless/start and challenge code entered by the user.
This endpoint is considered a beta feature, and will most likely be transformed into a grant type in /oauth/token. Have that in mind if implementing this.
Request
POST /oauth/ro
Authorization: Basic NGU4NDYz...OmZvb2Jhcg==
Content-Type: application/x-www-form-urlencoded
grant_type=passwordless&scope=openid%20profile&passwordless_token=12...bd&code=123456
Response
HTTP/1.1 200 OK
Content-Length: 2534
Content-Type: application/json
Date: Mon, 29 Feb 2016 13:37:00 GMT
{
"expires_in": 3600,
"scope": "openid profile",
"token_type": "Bearer",
"access_token": "eyJ0eXAi...LbXBPTs",
"refresh_token": "eyJ0eXAi...z_r6_wo",
"id_token": "eyJ0eXAi...G9S_5LQ"
}
Failure cases
- 400 Bad Request Malformed request, missing parameter, or unsupported grant type
- 401 Unauthorized Invalid client credentials
See also
- POST /oauth/token
- POST /oauth/register
- POST /oauth/introspect
- GET /oauth/userinfo
- GET /oauth/jwks
- GET /oauth/authorize
- POST /passwordless/start
Help us improve
Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).
Comments/feedback
Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.