# OAuth Token Endpoint

Exchanges authorization code for access and refresh tokens.

Endpoint: POST /oauth2/token
Version: 1.0.3
Security: 

## Request fields (application/x-www-form-urlencoded):

  - `grant_type` (string, required)
    The grant type
    Enum: "authorization_code", "refresh_token"

  - `code` (string)
    The authorization code received from the authorization endpoint (required when grant_type is authorization_code)

  - `redirect_uri` (string)
    The same redirect URI used in the authorization request (required when grant_type is authorization_code)

  - `client_id` (string, required)
    The client identifier

  - `client_secret` (string, required)
    The client secret

  - `refresh_token` (string)
    The refresh token (required when grant_type is refresh_token)

## Response 200 fields (application/json):

  - `access_token` (string)
    The access token

  - `token_type` (string)
    The token type
    Enum: "Bearer"

  - `expires_in` (integer)
    Token expiration time in seconds

  - `scope` (string)
    Space-separated list of granted OAuth scopes

  - `refresh_token` (string)
    Refresh token for obtaining new access tokens