Authorize Application

To begin an OAuth 2.0 Authorization flow, your application should first send the user to the authorization URL.

Authorize Endpoint

```http
GET https://auth3.upbond.io/authorize?
  audience=API_IDENTIFIER&
  scope=SCOPE&
  response_type=code&
  client_id=${account.clientId}&
  redirect_uri=${account.callback}&
  state=STATE
```

The purpose of this call is to obtain consent from the user to invoke the API (specified in audience) and perform certain actions (specified in scope) on behalf of the user. Login 3.0 will authenticate the user and obtain consent, unless consent has been previously given. If you alter the value in scope, Login 3.0 will require consent to be given again.

The OAuth 2.0 flows that require user authorization are:

  • Authorization Code Flow

  • Authorization Code Flow with Proof Key for Code Exchange (PKCE)

  • Implicit Flow

The parameters change slightly depending on the OAuth 2.0 flow you are implementing. To determine which flow is best suited for your case, consult your specific application requirements.
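The `state` parameter in the request above is what binds the callback to the browser session that started the login. The following is an added example, not Upbond's own code: it generates `state` together with a PKCE challenge, then validates the redirect before producing the fields for the token request. The PKCE parameter names come from RFC 7636 and are assumed to be accepted by this endpoint; the function names, the session dictionary and the callback URL are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://auth3.upbond.io/authorize"  # endpoint from the page


def start_login(client_id, redirect_uri, audience, scope):
    """Return (url, session); keep session server-side, keyed to this user."""
    state = secrets.token_urlsafe(32)     # unguessable, single-use CSRF token
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier, 43-128 chars
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "audience": audience,
        "scope": scope,
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": challenge,      # RFC 7636 names, assumed to be
        "code_challenge_method": "S256",  # accepted by this endpoint
    }
    session = {"state": state, "verifier": verifier}
    return AUTHORIZE_URL + "?" + urlencode(params), session


def handle_callback(callback_url, session):
    """Validate the redirect; return the code fields for the token request."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    expected = session.pop("state", "")   # single use: a replay finds nothing
    # Check state first: a mismatch means this response does not belong to a
    # login that this session started, so nothing else in it is trusted.
    if not expected or not hmac.compare_digest(returned.encode(), expected.encode()):
        raise ValueError("state mismatch")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if len(query.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    # Caller adds client_id and redirect_uri (and client_secret if confidential).
    return {"grant_type": "authorization_code", "code": query["code"][0],
            "code_verifier": session.pop("verifier")}
```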

Get Token

```http
POST https://auth3.upbond.io/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=${account.clientId}&client_secret=YOUR_CLIENT_SECRET&code=AUTHORIZATION_CODE&redirect_uri=${account.callback}
```

For token-based authentication, use the oauth/token endpoint to get an access token for your application to make authenticated calls to a secure API. Optionally, you can also retrieve an ID Token and a Refresh Token. ID Tokens contain user information in the form of scopes your application can extract to provide a better user experience. Refresh Tokens allow your application to request a new access token once the current token expires without interrupting the user experience.

Note that the only OAuth 2.0 flows that can retrieve a Refresh Token are:

  • Authorization Code Flow

  • Authorization Code Flow with PKCE

  • Device Authorization Flow

> RESPONSE SAMPLE:

```http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token":"eyJz93a...k4laUWw",
  "refresh_token":"GEbRxBN...edjnXbL",
  "id_token":"eyJ0XAi...4faeEoQ",
  "token_type":"Bearer",
  "expires_in":86400
}
```
