Authorization Code com PKCE
sequenceDiagram
participant Client
participant AuthServer
Client->>AuthServer: (A) Authorization Request\n+ t(code_verifier), t_m
AuthServer->>Client: (B) Authorization Code
Client->>AuthServer: (C) Access Token Request\n+ code_verifier
AuthServer->>Client: (D) Access Token
Authorization Request
GET /oauth2/authorize?client_id={client_id}&response_type=code&redirect_uri={redirect_uri}&scope={scope}&code_challenge={code_challenge}&code_challenge_method=S256 HTTP/1.1
Host: id.btgpactual.comAuthorization Response
HTTP/1.1 302 Found
Location: {redirect_uri}?code={authorization_code}&iss=https%3A%2F%2Fid.btgpactual.comToken Request
POST /oauth2/token HTTP/1.1
Host: id.btgpactual.com
Content-type: application/x-www-form-urlencoded
client_id={client_id}&code={authorization_code}&redirect_uri={redirect_uri}&grant_type=authorization_code&code_verifier={code_verifier}Token Response
HTTP/1.1 200 OK
Content-Type: application/json
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6InZfT2NvN21uRjBwbERCTU9FTUxlRjFhc01jR3hERURxVVhXdktHWUtWOFkifQ.eyJzdWIiOiIwMDUwNjQ5MzI5NiIsInNjb3BlIjoiYXBwcyBlbWFpbCBvcGVuaWQgcHJvZmlsZSB3ZWJob29rcyIsImlzcyI6Imh0dHBzOi8vaWQuYnRnbWFpc2J1c2luZXNzLmNvbSIsImV4cCI6MTYyODc0MDQxMSwiaWF0IjoxNjI4NjU0MDExLCJjbGllbnRfaWQiOiJkZXZlbG9wZXJzLmRldnBvcnRhbCIsImp0aSI6IjNsX0JKVldZTHhmSnh6ckFhb1lDTjZCVVU5Wks5S3hkb3ZiY0xZNTNNdUEifQ.Vp8CxDXaP9TST5NGpygyqf85cHg5reiT8HtW1WbcPFYshOUaVtiExbUDR_ZSyV-doeUlGNyRq_FSL_bf5HFlOQF6QAtX9i9pYBQGUZGptW8S3a9WjDsMeOluk1BHimuPFOp8jK6vHazfqzHuki-3w4_nJTx_qKK77Wx7FC3XqojE2oXpkN6VnezLTXW5V-tQEVqNCF9Fp_pOS-UtBWwO6UUHRBYXc4JtB0IbxIOS38r1gGiKgaePb7s6Z66ZD4zjc5A_xZeLmBzrdSxLXrcJp7au5gx6Y9tgw3hDFSA9AGZlI35fIAGhU7_jD0DtpFXrQWLbN5lF5663NWvyhbYlwg","refresh_token":"WV6G4HKBrvgiLoFdMBiVxeCHWvqIOr1ASkMcYmX-EI8","scope":"apps email openid profile webhooks","id_token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwMDUwNjQ5MzI5NiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdXRoX3RpbWUiOjE2Mjg2NTM5ODUsImN1c3RvbTpvcmlnaW4iOiJhZG1pbiIsImVtYWlsIjoiZW1lcnNvbi5zb2FyZXNAYnRncGFjdHVhbC5jb20iLCJpc3MiOiJodHRwczovL2lkLmJ0Z21haXNidXNpbmVzcy5jb20iLCJhdWQiOlsiZGV2ZWxvcGVycy5kZXZwb3J0YWwiXSwiZXhwIjoxNjI4NzQwNDExLCJpYXQiOjE2Mjg2NTQwMTEsInNfaGFzaCI6IlVhQkdKSEV2d24tOHl3OXZabW45ZmcifQ.Urg9j5s9BckHVTqsJGJASc1FlcJoHgllDNdc5WJY3EQ","token_type":"Bearer","expires_in":86400}HTTP/1.1 200 OK
Content-Type: application/json
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6InZfT2NvN21uRjBwbERCTU9FTUxlRjFhc01jR3hERURxVVhXdktHWUtWOFkifQ.eyJzdWIiOiIwMDUwNjQ5MzI5NiIsInNjb3BlIjoiYXBwcyBlbWFpbCBvcGVuaWQgcHJvZmlsZSB3ZWJob29rcyIsImlzcyI6Imh0dHBzOi8vaWQuYnRnbWFpc2J1c2luZXNzLmNvbSIsImV4cCI6MTYyODc0MDQxMSwiaWF0IjoxNjI4NjU0MDExLCJjbGllbnRfaWQiOiJkZXZlbG9wZXJzLmRldnBvcnRhbCIsImp0aSI6IjNsX0JKVldZTHhmSnh6ckFhb1lDTjZCVVU5Wks5S3hkb3ZiY0xZNTNNdUEifQ.Vp8CxDXaP9TST5NGpygyqf85cHg5reiT8HtW1WbcPFYshOUaVtiExbUDR_ZSyV-doeUlGNyRq_FSL_bf5HFlOQF6QAtX9i9pYBQGUZGptW8S3a9WjDsMeOluk1BHimuPFOp8jK6vHazfqzHuki-3w4_nJTx_qKK77Wx7FC3XqojE2oXpkN6VnezLTXW5V-tQEVqNCF9Fp_pOS-UtBWwO6UUHRBYXc4JtB0IbxIOS38r1gGiKgaePb7s6Z66ZD4zjc5A_xZeLmBzrdSxLXrcJp7au5gx6Y9tgw3hDFSA9AGZlI35fIAGhU7_jD0DtpFXrQWLbN5lF5663NWvyhbYlwg","refresh_token":"WV6G4HKBrvgiLoFdMBiVxeCHWvqIOr1ASkMcYmX-EI8","scope":"apps email openid profile webhooks","id_token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwMDUwNjQ5MzI5NiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdXRoX3RpbWUiOjE2Mjg2NTM5ODUsImN1c3RvbTpvcmlnaW4iOiJhZG1pbiIsImVtYWlsIjoiZW1lcnNvbi5zb2FyZXNAYnRncGFjdHVhbC5jb20iLCJpc3MiOiJodHRwczovL2lkLmJ0Z21haXNidXNpbmVzcy5jb20iLCJhdWQiOlsiZGV2ZWxvcGVycy5kZXZwb3J0YWwiXSwiZXhwIjoxNjI4NzQwNDExLCJpYXQiOjE2Mjg2NTQwMTEsInNfaGFzaCI6IlVhQkdKSEV2d24tOHl3OXZabW45ZmcifQ.Urg9j5s9BckHVTqsJGJASc1FlcJoHgllDNdc5WJY3EQ","token_type":"Bearer","expires_in":86400}Updated about 1 month ago