{"openapi":"3.0.1","info":{"title":"Authentication API","version":"v1.0.0"},"servers":[{"url":"https://idp.finologee.com","description":"Production identity provider server"},{"url":"https://idp.sandbox.finologee.com","description":"Sandbox identity provider server"}],"paths":{"/auth/realms/services/protocol/openid-connect/token":{"post":{"operationId":"getOAuth2Token","tags":["Authentication"],"summary":"Get an access token","description":"Authenticate using OAuth2 password grant flow to obtain an access token. Use the same endpoint to exchange your refresh_token for a new access_token if it's expired.","requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","required":["grant_type","client_id"],"properties":{"grant_type":{"type":"string","description":"Grant type. For password grant flow, this should be 'password'. For refresh token flow, it should be 'refresh_token'.","enum":["password","refresh_token"]},"username":{"type":"string","description":"The user's username. Required only for the password flow."},"password":{"type":"string","description":"The user's password. Required only for the password flow."},"refresh_token":{"type":"string","description":"The refresh token. Required only for refresh token flow."},"client_id":{"type":"string","description":"The client ID is representing the tenant to which the token will grant access."}}}}}},"responses":{"200":{"description":"Authentication successful","content":{"application/json":{"schema":{"type":"object","properties":{"access_token":{"type":"string","description":"The access token which can be used to authenticate subsequent API calls."},"expires_in":{"type":"integer","format":"int32","description":"The number of seconds until the access token expires."},"refresh_expires_in":{"type":"integer","format":"int32","description":"The number of seconds until the refresh token expires."},"token_type":{"type":"string","description":"The type of the token - in this case always 'Bearer'."},"refresh_token":{"type":"string","description":"Token that can be used to obtain a new access token when the current one expires."},"scope":{"type":"string","description":"The scope for which the access token is valid. Defines the permissions granted by the token."},"not-before-policy":{"type":"integer","format":"int32","description":"A policy indicating the earliest time from which the token can be used. Represented as the number of seconds since the token's issue date."},"session_state":{"type":"string","description":"Represents the state of the user's current session. Useful for managing and validating user sessions in the application."}},"required":["access_token","token_type","expires_in"]}}}},"400":{"description":"Bad request. Invalid input or user credentials.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error code representing the type of error."},"error_description":{"type":"string","description":"A human-readable description of the error."}},"required":["error","error_description"]}}}},"401":{"description":"Unauthorized. Invalid client details.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error code representing the type of error."},"error_description":{"type":"string","description":"A human-readable description of the error."}},"required":["error","error_description"]}}}}}}}},"x-readme":{"explorer-enabled":true,"proxy-enabled":true}}