Product Introduction

Overview

Strengths

Use Cases

Purchase Guide

Operation Guide

User pool management

User management

Application management

Authentication management

Audit management

Custom settings

Development Guide

Overview

Access via Authentication API

Get User Information

Update User Information

Modify User Password

Reset User Password

Get Token

Get JWT Public Key

Refresh Token

Revoke Token

Get OpenID Provider Configuration

API Documentation

History

Introduction

API Category

Making API Requests

User Management APIs

Data Sync APIs

Audit Management APIs

Data Types

Error Codes

FAQs

Features

Billing

CIAM Policy

Data Processing And Security Agreement

Account and Password Authentication

PDF

포커스 모드

폰트 크기

마지막 업데이트 시간: 2023-12-22 11:42:07

API Description
This API is used to verify the username and password and get the Access Token and ID Token for login. This API adopts the Resource Owner Password Credentials mode of the OAuth 2.0 protocol for authentication.
Note: 
 The password is passed between the user’s client and the application. Make sure that you use a trusted application to call this API, and properly transmit the password. For example, make sure that the HTTPS protocol is used. We recommend that you use Login via Authentication Portal first if possible.
Supported Applications
Web applications, single-page applications (SPA), and mobile applications.
Request Method
POST
Request Path
/oauth2/token
Request Content-Type
application/x-www-form-urlencoded
Sample Requests
POST /oauth2/token HTTP/1.1
Host: sample.portal.tencentciam.com
Content-Type: application/x-www-form-urlencoded
grant_type=password&client_id=TENANT_CLIENT_ID&client_secret=TENANT_CLIENT_SECRET&auth_source_id=MOCK_USERNAME_PASSWORD_AUTH_SOURCE_ID&username=MOCK_USERNAME&password=MOCK_PASSWORD&scope=openid
Request Parameters
Parameter
Optional
Description
grant_type
false
Fixed value: password.
client_id
false
The client_id of the application. Go to the application management page and select the application, and then click Application Configuration to find the Client ID.
client_secret
true
The client_secret of the application. Go to the application management page and select the application, and then click Application Configuration to find the client_secret. 
This parameter is required for web applications, 
yet it is not needed for SPA and mobile applications. 
auth_source_id
false
ID of the account and password authentication source. You can view it on the General Authentication Source page on the console.
username
false
Username. The authentication source attributes that need to be configured with the account and password authentication source include the username, mobile number, and email address.
password
false
User password.
scope
true
This parameter is not required. If this parameter is used, the value should be openid.
Sample Success Responses
Authentication successful
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
﻿
{
  "access_token" : "eyJraWQiOiI1MzQyOGU3ZS1kOTJiLTQ3OTAtOGIwMC0wMmEyZjc4NjUxNzMiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJNT0NLX1VTRVJfSUQiLCJhdWQiOiJURU5BTlRfQ0xJRU5UX0lEIiwibmJmIjoxNjQwNTg4ODI2LCJzY29wZSI6WyJvcGVuaWQiXSwiaXNzIjoiaHR0cHM6XC9cL3NhbXBsZS5wb3J0YWwudGVuY2VudGNpYW0uY29tIiwiZXhwIjoxNjQwNTg5MTI2LCJpYXQiOjE2NDA1ODg4MjYsImp0aSI6IjU0ODZhNWRhLTE0YTYtNDNkZC04MWNkLTEwNmRiMDVhMjJmZiJ9.cd2hoQEVZLGcRaqhDLs-W8m9IN2pDT4XzluxYz4ulNwHTfBTu_1NamlH0kmd0KDhzBMRAl6YXHVDVOXZEV47C1uoYDATnwQetUsg8eJObzlPEVZ81ovU-eRm7I0lQ_MVI9MC7jMcdOKvEDJCOJtnwtorkQpqEPYovrxctNvvClqLBsDVbUebC2-iUGwz4vWE-DL17M39rqtmwXv6C21ovv6Pe9BSUUAj_CzHSV-ZSF7fjyYjnlTEOLjilFNsFD9Ow1czNFqnwxkc7dwugOGJ7qM30zuTgSme76K3tLbol8fKO-CUKglZO9mWIXUWizhePTzd3CKGE4C7gUHR40EjNw",
  "refresh_token" : "7uqTlthTQrzIZx8joT20chQbakZp81_iv39GTyCpsEyYpWoquNhuB3s6qEQHGeu2RBpaZcavFf9UOdgtUaCjB42D478MISnj6qBY52q3Pd5eNBBcXZ68oqMkFVidvgha",
  "scope" : "openid",
  "id_token" : "eyJraWQiOiI1MzQyOGU3ZS1kOTJiLTQ3OTAtOGIwMC0wMmEyZjc4NjUxNzMiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJNT0NLX1VTRVJfSUQiLCJhdWQiOiJURU5BTlRfQ0xJRU5UX0lEIiwiYXpwIjoiVEVOQU5UX0NMSUVOVF9JRCIsImlzcyI6Imh0dHBzOlwvXC9zYW1wbGUucG9ydGFsLnRlbmNlbnRjaWFtLmNvbSIsImV4cCI6MTY0MDU5MDYyNiwiaWF0IjoxNjQwNTg4ODI2LCJqdGkiOiI0Mzg0OTUwYS0zOTFlLTQ3MDgtYjFjYS05ZjVkNzQzN2Q3ZDIifQ.kaquINkB64dRAaXPG8KLBCpZ6hwNxtA5ruXpwYgEzFHppXQMqPRQQ-Iwn0659lpy8B2CqjRIar_A1xS518Uua3ItkUtoJQXcIxLDSGRatk6mZ6q7XgOHvALsLhQlYQjn36kXdnOJipPVB124y-o20UHwUC27nUH0e9GuYxwX3p56684NB4xJXUfEL2yl9Zt8rMEpD1I1hI5exg75ZP7MCSjzoNgr7fmpGuDNWWhRALh6sY4Dv5BSgE9B0No0xwFOLnAV4NMsvimJg5rBlJXepOhW4JfwZ3TnzXtDUk3oeajhRxPtjbkxt5NrSYMxUwBggkcoi4eOfVpo8crmQNrSVQ",
  "token_type" : "Bearer",
  "expires_in" : 299
}
Response parameters
Parameter
Data Type
Description
access_token
String
OAuth 2.0 Access Token (JSON Web Token, or JWT).
token_type
String
Token type. Fixed value: Bearer.
expires_in
Number
Validity period of Access Token (unit: sec)
scope
String
Access Token scope.
refresh_token
String
OAuth 2.0 Refresh Token.
id_token
String
OpenID Connect (OIDC) ID Token (JWT).
Sample Error Responses
Incorrect username or password.
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
﻿
{
"error" : "invalid_grant",
"error_description" : "Wrong username or password"
}
Abnormal user status. For example, the account is locked or frozen.
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
﻿
{
"error" : "invalid_grant",
"error_description" : "Abnormal user status"
}
An attribute that is not supported by the authentication source is used as the username. For example, an email address is passed as the username, but the authentication source of the account and password does not configure the email address as a authentication source attribute.
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
﻿
{
"error" : "invalid_grant",
"error_description" : "Unsupported username identifier"
}
The authentication source is not the preferred one or is not associated with the application.
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
﻿
{
"error" : "invalid_auth_source",
"error_description" : "Auth source and application not associated"
}
﻿

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

tencent cloud

Customer Identity and Access Management

Account and Password Authentication

API Description

Supported Applications

Request Method

Request Path

Request Content-Type

Sample Requests

Request Parameters

Sample Success Responses

Authentication successful

Response parameters

Sample Error Responses

도움말 및 지원

Parameter	Optional	Description
grant_type	false	Fixed value: `password`.
client_id	false	The `client_id` of the application. Go to the application management page and select the application, and then click Application Configuration to find the Client ID.
client_secret	true	The `client_secret` of the application. Go to the application management page and select the application, and then click Application Configuration to find the client_secret. This parameter is required for web applications, yet it is not needed for SPA and mobile applications.
auth_source_id	false	ID of the account and password authentication source. You can view it on the General Authentication Source page on the console.
username	false	Username. The authentication source attributes that need to be configured with the account and password authentication source include the username, mobile number, and email address.
password	false	User password.
scope	true	This parameter is not required. If this parameter is used, the value should be `openid`.

Parameter	Data Type	Description
access_token	String	OAuth 2.0 Access Token (JSON Web Token, or JWT).
token_type	String	Token type. Fixed value: `Bearer`.
expires_in	Number	Validity period of Access Token (unit: sec)
scope	String	Access Token scope.
refresh_token	String	OAuth 2.0 Refresh Token.
id_token	String	OpenID Connect (OIDC) ID Token (JWT).