Obtaining an access token

To get an access token, we call the authorization server's token API (http://localhost:8080/oauth/token), sending the client authentication details using HTTP Basic authentication and the user credentials as part of the form data. The following screenshot shows how we can configure the client authentication details for Basic authentication:

The following screenshot shows how to configure the user authentication details as part of the POST parameters:

When we execute the request, we get a response similar to the one shown in the following code snippet:

{
  "access_token": "08480948-2139-4d20-9504-5389a47c16ce",
  "token_type": "bearer",
  "refresh_token": "81bfc160-a04c-4e59-bf2f-66e183d9ede8",
  "expires_in": 43199,
  "scope": "openid"
}

Here are a couple of important details:

  • access_token: The client application can use the access token to authenticate further API calls. However, the access token expires, typically after a very short period.
  • refresh_token: The client application can submit a new request to the authorization server with the refresh_token to get a new access_token.
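
The request and response described above, as an added Python example that is not part of the original text: it builds the token request (client in the Basic header, user in the form body) and turns expires_in, which is a lifetime in seconds, into an absolute expiry time. The grant_type=password form field follows the OAuth 2.0 password grant and is an assumption here, as are the client and user credentials, which are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

TOKEN_URL = "http://localhost:8080/oauth/token"  # endpoint from the text
# Response body from the text, used as sample input.
SAMPLE_RESPONSE = ('{"access_token": "08480948-2139-4d20-9504-5389a47c16ce", '
                   '"token_type": "bearer", '
                   '"refresh_token": "81bfc160-a04c-4e59-bf2f-66e183d9ede8", '
                   '"expires_in": 43199, "scope": "openid"}')


@dataclass
class Token:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute epoch seconds, derived from expires_in
    scope: str

    def expired(self, now: float, skew: int = 30) -> bool:
        # Treat the token as expired slightly early to absorb clock skew.
        return now >= self.expires_at - skew


def build_token_request(client_id, client_secret, username, password, url=TOKEN_URL):
    """Build (not send) the POST: client in Basic auth, user in the form body."""
    parts = urllib.parse.urlsplit(url)
    # Basic auth is only base64, so allow plain HTTP for loopback testing only.
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError("token endpoint must use https outside loopback")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = urllib.parse.urlencode(  # grant_type is an assumption (password grant)
        {"grant_type": "password", "username": username, "password": password}
    ).encode()
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def parse_token_response(body: str, now: float) -> Token:
    """Validate the JSON response and convert expires_in to an absolute time."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return Token(data["access_token"], data["refresh_token"],
                 now + int(data["expires_in"]), data.get("scope", ""))
```

Passing the built request to urllib.request.urlopen() sends it; the client should check expired() before each API call and use the refresh_token once it returns True.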
