# [OAuth2.0] Generate JWT

Use this call:

* To get a user JWT.
* To refresh the JWT when it expires. Works only if `scope=offline` is passed in the registration or authentication call.
* To get a server JWT. The user's participation isn't needed.
* To exchange a user JWT for a new one with a different scope.

Usage of this call depends on the value of the `grant_type` parameter.

Endpoint: `POST /oauth2/token`

Version: v1

## Request fields (application/x-www-form-urlencoded):

- `refresh_token` (string) Value of this parameter received in the response to the last request of this call made with `authorization_code` or `refresh_token` in the `grant_type` parameter. Required if `grant_type=refresh_token`.
- `grant_type` (string, required) How the JWT is obtained. Can be:
  * `authorization_code` to exchange the code received in the authentication call for a JWT. The `code` parameter must be specified.
  * `refresh_token` to get a refreshed JWT when the previous one has expired. The `refresh_token` parameter must be specified.
  * `client_credentials` to get a server JWT. The `client_id` and `client_secret` parameters must be specified.
  * `urn:ietf:params:oauth:grant-type:token_exchange` to exchange an existing user JWT for one with a different scope.
- `client_secret` (string) Your secret key. The value for this parameter depends on the value of the `grant_type` parameter:
  * If it's `authorization_code`, [create an OAuth 2.0 client and use its secret key](https://developers.xsolla.com/doc/login/features/connecting-oauth2/). Required if you created an OAuth 2.0 client with the confidential authentication type.
  * If it's `client_credentials`, contact your Customer Success Manager to create a server OAuth 2.0 client and get its secret key. Required for this client type.

  Note that the `client_secret` and `client_id` values must come from the same client.
- `client_id` (string, required) Your application ID. The value for this parameter depends on the value of the `grant_type` parameter:
  * If it's `authorization_code`, [create an OAuth 2.0 client and use its client ID](https://developers.xsolla.com/doc/login/features/connecting-oauth2/).
  * If it's `client_credentials`, contact your Customer Success Manager to create a server OAuth 2.0 client and get its client ID.

  Note that the `client_secret` and `client_id` values must come from the same client.
- `redirect_uri` (string)
- `code` (string) Authentication code that is exchanged for a JWT. Required if `grant_type=authorization_code`.
- `code_verifier` (string) The code verifier for the PKCE request that the app originally generated before the authorization request.
- `audience` (string) List of domains for which the token can be applied.
- `scope` (string) A list of space-delimited, case-sensitive strings, as defined in Section 3.3 of [RFC6749], that allow the client to specify the desired scope of the requested security token in the context of the service or resource where the token will be used. The values and associated semantics of `scope` are service specific and expected to be described in the relevant service documentation.
- `subject_token` (string) A security token that represents the identity of the party on behalf of whom the request is being made. Typically, the subject of this token will be the subject of the security token issued in response to the request.
- `subject_token_type` (string) An identifier that indicates the type of the security token in the `subject_token` parameter. Enum: `"access_token"`
- `actor_token` (string) A security token that represents the identity of the acting party. Typically, this will be the party that is authorized to use the requested security token and act on behalf of the subject.
- `actor_token_type` (string) An identifier, as described in Section 3, that indicates the type of the security token in the `actor_token` parameter. This is REQUIRED when the `actor_token` parameter is present in the request but MUST NOT be included otherwise. Enum: `"server_token"`

## Response 200 fields (application/json):

- `access_token` (string, required) Xsolla Login JWT.
- `expires_in` (integer) JWT expiration period in seconds. Default value is 3600 seconds.
- `refresh_token` (string) Value used to refresh the JWT, i.e. to get a new `access_token`.
- `scope` (string) Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account.
- `token_type` (string, required) JWT type, with the value `bearer`.

## Response 400, 404, 418, 422 and 429 fields (application/json):

All of these error responses share the same body:

- `error` (object, required)
- `error.code` (string, required) Error code. Example: `"003-061"`
- `error.description` (string, required) Error description. Example: `"Object not found."`
- `error.details` (object) Additional information.
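The following is an added client-side example, not Xsolla's own SDK code: it generates a PKCE `code_verifier`/challenge pair (RFC 7636, S256), builds the form body for `POST /oauth2/token` while enforcing the per-`grant_type` required parameters listed above (including the `actor_token`/`actor_token_type` pairing rule), and validates a 200 response before the token is trusted. Sending the request over HTTPS with `urllib` or `requests` is left to the caller.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

TOKEN_ENDPOINT = "/oauth2/token"  # POST, application/x-www-form-urlencoded
TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token_exchange"


def make_pkce_pair():
    """RFC 7636 code_verifier (43-128 chars) and its S256 code_challenge.
    The verifier is kept by the app and sent later in code_verifier."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_token_request(grant_type, **params):
    """Return the urlencoded body for POST /oauth2/token, enforcing the
    required parameters for each grant_type from the request-fields table."""
    required = {
        "authorization_code": ("client_id", "code"),
        "refresh_token": ("client_id", "refresh_token"),
        "client_credentials": ("client_id", "client_secret"),
        TOKEN_EXCHANGE: ("client_id", "subject_token", "subject_token_type"),
    }
    if grant_type not in required:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    missing = [k for k in required[grant_type] if not params.get(k)]
    if missing:
        raise ValueError(f"{grant_type} requires: {', '.join(missing)}")
    # actor_token_type is REQUIRED with actor_token and MUST NOT appear without it.
    if bool(params.get("actor_token")) != bool(params.get("actor_token_type")):
        raise ValueError("actor_token and actor_token_type must be sent together")
    body = {"grant_type": grant_type, **{k: v for k, v in params.items() if v}}
    return urlencode(body)


def check_token_response(resp):
    """Validate a parsed 200 JSON body: both required fields must be present
    and token_type must be bearer. expires_in defaults to 3600 seconds."""
    for field in ("access_token", "token_type"):
        if not resp.get(field):
            raise ValueError(f"token response missing {field}")
    if str(resp["token_type"]).lower() != "bearer":
        raise ValueError(f"unexpected token_type {resp['token_type']!r}")
    return {"access_token": resp["access_token"],
            "expires_in": int(resp.get("expires_in", 3600)),
            "refresh_token": resp.get("refresh_token"),
            "scope": resp.get("scope")}
```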