Third Party application token endpoint | API Reference

Request Body

application/json

grant_type?string

code?string

client_id?string

client_secret?string

code_verifier?string

scope?string

refresh_token?string

tenantId?string

resource?string

RFC 8707 - OAuth 2.0 Resource Indicators - Token Endpoint only supports receiving a single resource

audience?string

assertion?string

client_assertion_type?string

client_assertion?string

device_code?string

project_id?string

mcp_server_id?string

subject_token?string

subject_token_type?string

auth_req_id?string

Third Party application token endpoint

curl -X POST "https://api.descope.com/oauth2/v1/apps/token" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://api.descope.com/oauth2/v1/apps/token" \  -H "Content-Type: application/json" \  -d '{}'

ResponseOK

{
  "access_token": "string",
  "token_type": "string",
  "refresh_token": "string",
  "id_token": "string",
  "expires_in": 0,
  "scope": "string",
  "error": "string",
  "description": "string",
  "issued_token_type": "string"
}

{  "access_token": "string",  "token_type": "string",  "refresh_token": "string",  "id_token": "string",  "expires_in": 0,  "scope": "string",  "error": "string",  "description": "string",  "issued_token_type": "string"}

TypeScript

export interface Response {
access_token?: string
token_type?: string
refresh_token?: string
id_token?: string
expires_in?: number
scope?: string
/**
 * Those fields are in use just in case of error of device flow scenario (where device polling on the specific error response)
 */
error?: string
description?: string
issued_token_type?: string
}

export interface Response {access_token?: stringtoken_type?: stringrefresh_token?: stringid_token?: stringexpires_in?: numberscope?: string/** * Those fields are in use just in case of error of device flow scenario (where device polling on the specific error response) */error?: stringdescription?: stringissued_token_type?: string}

Was this helpful?