This document describes support for the OAuth2 protocol within the authorization server. RFC6749 should be used as a reference for the protocol and HTTP endpoints described here.
Note: Not all token servers implement OAuth2. If the request to the endpoint returns 404 using the HTTP POST method, refer to Token Documentation for using the HTTP GET method supported by all token servers.
The format of the refresh token is completely opaque to the client and should be determined by the authorization server. The authorization server should ensure the token is sufficiently long and is responsible for storing any information about long-lived tokens which may be needed for revocation. Any information stored inside the token will not be extracted and presented by clients.
POST /token
Content-Type: application/x-www-form-urlencoded
POST /token HTTP/1.1
Host: auth.docker.io
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=johndoe&password=A3ddj3w&service=hub.docker.io&client_id=dockerengine&access_type=offline

HTTP/1.1 200 OK
Content-Type: application/json

{"refresh_token":"kas9Da81Dfa8","access_token":"eyJhbGciOiJFUzI1NiIsInR5","expires_in":900,"scope":""}
POST /token HTTP/1.1
Host: auth.docker.io
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=kas9Da81Dfa8&service=registry-1.docker.io&client_id=dockerengine&scope=repository:samalba/my-app:pull,push

HTTP/1.1 200 OK
Content-Type: application/json

{"refresh_token":"kas9Da81Dfa8","access_token":"eyJhbGciOiJFUzI1NiIsInR5","expires_in":900,"scope":"repository:samalba/my-app:pull,repository:samalba/my-app:push"}
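One way an authorization server could meet the refresh token requirements above (opaque, sufficiently long, revocable) and validate the refresh request shown above. This is an added example, not code from the token server: `RefreshTokenStore` and its methods are hypothetical names, the in-memory dict stands in for real storage, and binding the token to `client_id` follows RFC 6749 rather than anything this page specifies.

```python
import hashlib
import secrets
from urllib.parse import parse_qs


class RefreshTokenStore:
    """Hypothetical store: tokens are opaque random strings; only a SHA-256
    digest is kept, next to the data needed to revoke them later."""

    def __init__(self):
        self._records = {}  # digest -> {"user", "client_id", "revoked"}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user, client_id):
        token = secrets.token_urlsafe(32)  # 256 random bits, nothing encoded inside
        self._records[self._digest(token)] = {
            "user": user, "client_id": client_id, "revoked": False}
        return token

    def revoke_user(self, user):
        """Revoke every live token of a user; returns how many were revoked."""
        live = [r for r in self._records.values()
                if r["user"] == user and not r["revoked"]]
        for rec in live:
            rec["revoked"] = True
        return len(live)

    def redeem(self, form_body):
        """Validate a grant_type=refresh_token form body.
        Returns (record, None) on success or (None, RFC 6749 error code)."""
        form = {k: v[0] for k, v in parse_qs(form_body).items()}
        if form.get("grant_type") != "refresh_token":
            return None, "unsupported_grant_type"
        if not form.get("refresh_token") or not form.get("client_id"):
            return None, "invalid_request"
        rec = self._records.get(self._digest(form["refresh_token"]))
        # Unknown, revoked, or presented by a different client: same answer,
        # so the response does not reveal which check failed.
        if rec is None or rec["revoked"] or rec["client_id"] != form["client_id"]:
            return None, "invalid_grant"
        return rec, None
```

Because only the digest is stored, a copy of the store does not yield usable refresh tokens, and revocation works without the server ever parsing the token itself.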