Create JWT access token

POST 
/api/v1/auth/tokens

Exchanges an existing authentication credential (header, body, cookie or refresh token) for a JWT access token.

Authentication Methods

1. Authorization Header (Recommended) Use the Authorization Bearer header with a valid token to perform the token exchange.

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

2. Cookie Authentication Use the 'AdvOidc.Login' cookie (automatically detected if present).

3. Refresh Token Use grant_type=refresh_token with a valid refresh token to obtain a new JWT.

{
  "refreshToken": "d891ac59aef945a3b67dc2ef569b20aa"
}

Parameters

• grant_type: Set to refresh_token when using a refresh token to obtain a new JWT
• refreshToken (string, optional): Required when grant_type is refresh_token. Provide a valid Refresh Token to obtain a new JWT

Responses

• 201 Created: Successfully returns a new access_token
• 403 Forbidden: No valid credentials found

Security

• This API supports multiple authentication methods for flexibility
• Priority order: Refresh token → Authorization header → Cookie
• Applicable for both public and internal applications, but authentication is required

Request

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

501

Not Implemented