User Access Tokens

Returns an access token providing access to the GraphQL API on behalf of an individual Warhorn user.

This request can only be performed after an authorization request.

Parameters

client_id: REQUIRED. The application’s client ID as listed in your Warhorn account settings.
client_secret: REQUIRED for confidential applications only. The application’s client secret as listed in your Warhorn account settings.
code: REQUIRED The authorization code returned to your application in the redirect URL after the user authorized your application to access Warhorn.
grant_type: REQUIRED. MUST be client_credentials.
redirect_uri: REQUIRED. Your application’s redirect URL as configured in your Warhorn account settings.

Response Entity

access_token: The application token.
id_token: An OpenID Connect ID token, if the openid scope was requested in the authorization request.
token_type: Will always be bearer.

Example

POST /oauth/token HTTP/1.1
Host: warhorn.net
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=Lw897vn3R7y6M2NfsA2BxJGM
&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth
&code=muCvSdwVv4UiSWM2QHn3W64J


```text
200 OK
Content-Type: application/json; charset=utf-8
Cache-Control: private, no-store
Pragma: no-cache

{
  "access_token":"y1XX8rsAPrEfdk4GBAXZH2TL",
  "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImRlZmF1bHQifQ.eyJpc3MiOiJodHRwczovL3dhcmhvcm4ubmV0Iiwic3ViIjoiMDAwMDAwMDAwMSIsImF1ZCI6Ikx3ODk3dm4zUjd5Nk0yTmZzQTJCeEpHTSIsImV4cCI6NDcxNzQ5ODM2MiwiaWF0IjoxNTYxODIxMTYyLCJub25jZSI6ImU4YjNjZGY3MTU2YjA1Njk4YWQwIn0.CDu2DvDB8Mgc-ptTojCQf0DuN2rHFAuMEL0kW74ZsDXpPb1-2wxtOB1JtxNqHF5QAm1nqYHd0JftUC3wn_migmz0nN99hZJwUJY2df5DDb7RTzMjShnpclfszizQWbXEUI8rJFyxEh5cUaLUml1zZCdM1txNKBzwcwhEKwZIVdgLZ6D4lEJJSiN13ND6nhRWpdKhTqLvrviACEU5Qt5RKsjBkZho6yvGjIfDOLux8KyiL7KzN5ypZFrYOhKq47AhbPCp7-v4QtKWphplUW54OneRX-B-PGxwBW39o9pct_CXT1KAXAomKjWGH0IialwaDaq-1eRGs1lfzKAN5Mi4bQ",
  "token_type":"bearer"
}

Notes

The authorization code issued by the authorization endpoint does not currently expire but may in the future. Your app should assume that the code could expire within one minute of issuance.

An authorization code may only be used once. Subsequent attempts will result in error responses. If a token request fails for any reason, your app should not retry the token request but instead start the authorization flow over again.

Configuration

Token endpoint: https://warhorn.net/oauth/token