Token endpoint - Authorization Header

The /api/v1/oauth/token endpoint uses the Basic HTTP Authentication scheme (as defined in rfc7617).

The format for the header is: Basic : <credentials encoded as base64>. A step-by-step to formatting in .NET:

  • Take the clientId and the secret and format them as delimited by a colon (:)

string credentials = $"{clientId}:{clientSecret}";

  • Next, encode this string as a base64 string

byte[] credentialsByteData = Encoding.GetEncoding("iso-8859-1").GetBytes(credentials);
string base64Credentials = Convert.ToBase64String(credentialsByteData);

  • Lastly, format it to include the "Basic" keyword, followed by the now encoded credentials:

return $"Basic {base64Credentials}";

Put together in a method that can be reused for both token and refresh token requests:

public string GenerateBasicAuthorizationHeaderValue(string clientId, string clientSecret)
{
    string credentials = $"{clientId}:{clientSecret}";
    byte[] credentialsByteData = Encoding.GetEncoding("iso-8859-1").GetBytes(credentials);
    string base64Credentials = Convert.ToBase64String(credentialsByteData);
    return $"Basic {base64Credentials}";
}

PreviousHeadless API AuthenticationNextAuthorization Scopes

Last updated