The token endpoint is an OAuth2 protected endpoint that grants tokens to a client in response to a valid request. The token endpoint is defined in the OAuth 2.0 framework, the OpenID Connect specification and other specifications relevant to them.

The tokens granted by this endpoint depend on the grant type and scopes specified in the token request. The token endpoint is used with every authorization grant type except for the implicit grant type (since an access token is issued directly).

Based on the request, this endpoint can grant the following types of tokens:

The URL of the token endpoint on Janssen Server is listed in the response of Janssen Server's well-known configuration endpoint given below.

The token_endpoint claim in the response specifies the URL for the token endpoint. By default, the token endpoint looks like below:

In response to a valid request, the token endpoint returns one or more tokens in JSON format, similar to the sample below. This is just a sample response. The actual response can vary greatly in its contents based on the request:

  HTTP/1.1 200 OK
  Content-Type: application/json
  Cache-Control: no-store
  Pragma: no-cache

  {
   "access_token": "SlAV32hkKG",
   "token_type": "Bearer",
   "refresh_token": "8xLOxBtZp8",
   "expires_in": 3600,
   "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc..."
  }

More information about the request and response of the token endpoint can be found in the OpenAPI specification of the jans-auth-server module.

Configuration Properties

The token endpoint and the tokens it issues can be further configured using the Janssen Server configuration properties listed below. When using the Janssen Text-based UI (TUI) to configure the properties, navigate via Auth Server->Properties.

Client Authentication

The Janssen Server token endpoint requires confidential clients to authenticate using one of the supported client authentication methods listed below:

  • client_secret_basic
  • client_secret_post
  • client_secret_jwt
  • private_key_jwt

Refer to the Client Authentication section of the OpenID Connect Core specification for more details on these authentication methods.

A client can specify its default authentication method. To set the default authentication method using the Janssen Text-based UI (TUI), navigate via Auth Server->Clients->Add Client->Basic-> Authn Method Token Endpoint.
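How two of the methods listed above differ on the wire, as an added Python example that is not Janssen Server code: client_secret_basic sends the secret itself in an Authorization header, while client_secret_jwt sends a short-lived HS256 JWT as the client_assertion parameter (with client_assertion_type set to urn:ietf:params:oauth:client-assertion-type:jwt-bearer). TOKEN_ENDPOINT, CLIENT_ID and CLIENT_SECRET are constructed placeholders, and verify_client_assertion is a hypothetical sketch of the receiving side's checks, not Janssen's implementation.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import quote_plus

# Constructed sample values: placeholders, not a real Janssen deployment.
TOKEN_ENDPOINT = "https://as.example.test/token"
CLIENT_ID = "sample-client"
CLIENT_SECRET = "sample-secret"

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _hs256(secret: str, signing_input: str) -> str:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """client_secret_basic: RFC 6749 section 2.3.1 form-encodes both values
    before joining them with ':' and Base64-encoding the pair."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode("ascii")

def client_secret_jwt(client_id, client_secret, audience, now=None, lifetime=60):
    """client_secret_jwt: short-lived HS256 JWT keyed with the client secret,
    sent as client_assertion so the secret itself never goes on the wire."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": audience,
              "jti": secrets.token_urlsafe(16), "iat": now, "exp": now + lifetime}
    segs = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(segs)
    return signing_input + "." + _hs256(client_secret, signing_input)

def verify_client_assertion(assertion, client_secret, audience, now=None):
    """Receiving side: recompute the HMAC (the header's alg is not trusted),
    then require the expected audience and an unexpired exp."""
    now = int(time.time()) if now is None else now
    signing_input, _, sig = assertion.rpartition(".")
    if not hmac.compare_digest(sig, _hs256(client_secret, signing_input)):
        return False
    payload = signing_input.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return claims.get("aud") == audience and claims.get("exp", 0) > now

if __name__ == "__main__":
    jwt = client_secret_jwt(CLIENT_ID, CLIENT_SECRET, TOKEN_ENDPOINT)
    print(basic_auth_header(CLIENT_ID, CLIENT_SECRET))
    print("client_assertion valid:", verify_client_assertion(jwt, CLIENT_SECRET, TOKEN_ENDPOINT))
```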

Supported Grant Types

The token endpoint supports the grant types mentioned below.

During client configuration, a client can configure all the grant types it may request from the token endpoint. To select the available grant types using the Janssen Text-based UI (TUI), navigate via Auth Server->Clients->Add Client/search client->Basic-> Grant.

Interception Scripts

The token endpoint response can be further customized using interception scripts. The following interception scripts are relevant to the token endpoint:

A client can configure a particular script to be executed using its client configuration. To update the configuration using the Janssen Text-based UI (TUI), navigate via Auth Server->Clients->Add Client/search-> Client Scripts.

Last update: 2024-03-29
Created: 2022-07-21