To be able to use the OAuth2 token and revoke endpoints, the client must authenticate itself by passing one of the two following credential types with the request.
Client password consists of a client id and a client secret that is configured in the administration interface of Smart ID Digital Access.
This authentication method is specified in RFC 6749, Section 2.3.1, Client Password.
The client credentials can be passed in an Authorization header as Basic credentials by combining the credentials into a string "client_id:client_secret" and then encoding the result into a Base64 string.
Example header
Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=
The client id and client secret should be passed with the request as additional POST parameters. These parameters can only be passed in the request body.
| Property | Description |
| --- | --- |
| client_id | Unique id for the user. |
| client_secret | A secret that is only known by the client. |
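The two ways of passing the client password described above, built side by side as an added example (not code from the product or its vendor). The endpoint URL and the `client_credentials` grant type are placeholder assumptions, the function names are hypothetical, and the check for a colon in the client id is an addition because the first colon is what separates id from secret.

```python
import base64
import urllib.parse
import urllib.request

# Hypothetical placeholder; use the token endpoint of your own installation.
TOKEN_URL = "https://access.example.com/oauth2/token"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Return the Authorization header value for "client_id:client_secret"."""
    if ":" in client_id:
        # The first colon separates id from secret, so an id containing one
        # would be split in the wrong place by the server.
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _form(params: dict) -> bytes:
    """Encode parameters as an application/x-www-form-urlencoded body."""
    return urllib.parse.urlencode(params).encode("ascii")


def request_with_header(client_id, client_secret, params):
    """Credentials in the Authorization header, grant parameters in the body."""
    req = urllib.request.Request(TOKEN_URL, data=_form(params), method="POST")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def request_with_body(client_id, client_secret, params):
    """Credentials as additional POST parameters, never in the query string."""
    body = dict(params, client_id=client_id, client_secret=client_secret)
    req = urllib.request.Request(TOKEN_URL, data=_form(body), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


if __name__ == "__main__":
    grant = {"grant_type": "client_credentials"}  # assumed grant type
    a = request_with_header("client_id", "client_secret", grant)
    b = request_with_body("client_id", "client_secret", grant)
    print(a.get_header("Authorization"))
    print(b.data.decode())
```

The requests are only constructed, not sent; pass one to `urllib.request.urlopen` over HTTPS to submit it.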
This authentication method requires that the client presents a certificate issued by a CA that was specified when the client was set up in the administration interface.
Copyright © 1999-2023, Technology Nexus Secured Business Solutions AB. All rights reserved.