Post-Authorization token endpoint¶
If the token endpoint URL cannot be determined before the end-user has completed the sign-in process, an alternative token endpoint URL may be supplied.
The contents of the
tk=parameter must be URL encoded.
For example, to return the following information:
Redirection URI is https://localhost
Authorization code (RFC 6749#section-4.1.2) is “abcdefg”
Token endpoint URL is https://contoso.com/api/token/?extra=stuff
As a result, all calls to the token endpoint for obtaining access token via authentication-code exchange, or refresh flows using the refresh token, will hit this URL instead of the one initially returned as described at Bootstrapping OAuth2.