Get an Access Token
You need to implement the logic associated with the steps 7 and 8 in "Figure OAuth 2.0 based SSO between LINE WORKS and the customer" and the steps 5 and 6 in "Figure OAuth 2.0 based API authentication" and provide it as an API to LINE WORKS. After verifying the authorization code, the customer's SSO system issues and returns an access token.
Request URL {#access-token-request-url}
https://CustomerDomain/accessToken
You can only use port 80 or 443 according to LINE WORKS's infrastructure security policy.
Register the request URL in Access Token Return API under SSO > WORKS as SP in the Developer Console.
Figure Add OAuth 2.0 based Access Token Return API
Note
- When an access token is issued, the session expiration time is determined by the
expires_invalue; ifexpires_inis not specified, the default login retention period is set to 24 hours (web browser) and 30 days (mobile app and desktop app).- For the public APIs, the default retention period is 1 hour (web browser), 24 hours (mobile app), and 30 days (desktop app).
HTTP method {#access-token-request-method}
POST
Request {#access-token-request-body}
Note
- During API communication, the connection timeout is 1 second and the read timeout is 3 seconds.
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | String | Y | A value to specify the response type. Set this parameter to "authorization_code". |
| client_id | String | Y | The client ID registered in the Developer Console |
| client_secret | String | Y | The client secret registered in the Developer Console |
| code | String | Y | Authorization code |
Response {#access-token-response}
The response is formatted as JSON.
| Property | Type | Required | Description |
|---|---|---|---|
| access_token | String | Y (if successful) | Access token |
| refresh_token | String | N | A token to renew the access token that expired. |
| token_type | String | Y (if successful) | Access token type. It is "Bearer". |
| expires_in | String/Integer | Y (if successful) | The validity period of the access token (in seconds). Login retention period of the application. |
| error | String | Y (if it fails) | Error code returned on failure |
| error_description | String | Y (if it fails) | Error description returned on failure |
Error code {#access-token-response-error-code}
| Code | Message | Description |
|---|---|---|
| 101 | access_denied | Request from unauthorized client |
| 201 | invalid_request | Missing or invalid request |
| 203 | unsupported_grant_type | The grant_type is not supported. |
| 301 | unauthorized_client | Invalid client ID or secret |
| 302 | invalid_authorization | Invalid authorization code |