The token endpoint can be used to programmatically request tokens. It supports the password, authorization_code, client_credentials, refresh_token and token_exchange grant types).
...
authorization_code, client_credentials, password, refresh_token or urn:ietf:params:oauth:grant-type:token-exchange
...
code_verifier PKCE proof key
usernameresource owner username (required for password grant type)
passwordresource owner password (required for password grant type)
refresh_tokenthe refresh token (required for refresh_token grant type)
...
subject_token used for the token_exchange grant type. A base64-encoded access token to be exchanged
Return values
In the case of a successful request HelseID will return the following parameters:
identity_token the Identity Token, as a Base64 encoded JWT, that corresponds to the current user session. This is only returned when using the authorization_code flow.
access_token the Access Token as a Base64 encoded JWT.
token_type the type of token returned. For HelseID this will always be bearer, indicating that the token should be used as a bearer token.
expires_in the number of seconds until the access token expires.
refresh_token the Refresh Token. This is only returned when the user requests a Refresh Token using the offline_access scope or when using the refresh_token flow.
rt_expires_in the number of seconds until the refresh token expires. This value is not part of the standard Token Endpoint flow, but has been added as a convenience for consumers of HelseID.