# Access token (M2M)

{% hint style="info" %}
***This page must be considered part of the iSHARE Framework***

*This page is considered normative and is therefore compliant with RFC 2119.*
{% endhint %}

## Obtains access token

> Used to obtain an OAuth access token from a Participant Registry, Authorization Registry or Service Provider. The access token must be added  under "Authorization" header attribute for secured endpoints. Refer to relevant  endpoints on proper usage.

```json
{"openapi":"3.0.0","info":{"title":"iSHARE API specifications","version":"3.0"},"tags":[{"name":"Participant Registry (Required)","description":"Required endpoints for the iSHARE Participant Registry API."},{"name":"Service Provider (Required)","description":"Required endpoints for the iSHARE Service Provider API."},{"name":"Authorisation Registry (Required)","description":"Required endpoints for the iSHARE Authorisation Registry API."}],"servers":[{"description":"iSHARE test network base domain","url":"https://isharetest.net"}],"paths":{"/connect/token":{"post":{"requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"required":["grant_type","scope","client_id","client_assertion_type","client_assertion"],"type":"object","properties":{"grant_type":{"description":"OAuth 2.0 grant type. MUST contain “client_credentials”","type":"string"},"scope":{"description":"OAuth 2.0 scope. MUST contain iSHARE scope value. Other values allow the Service Consumer to get tokens that do not include all rights the Service Consumer has. According to RFC 6749, scopes are case-sensitive.","type":"string"},"client_id":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid party identifier of the Service Consumer","type":"string"},"client_assertion_type":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain “urn:ietf:params:oauth:client-assertion-type:jwt-bearer”","type":"string"},"client_assertion":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.","type":"string"}}}}},"required":true},"tags":["Participant Registry (Required)","Authorisation Registry (Required)","Service Provider (Required)"],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/connectTokenResponse"}}},"description":"OK"}},"deprecated":false,"operationId":"request-oauth-token","summary":"Obtains access token","description":"Used to obtain an OAuth access token from a Participant Registry, Authorization Registry or Service Provider. The access token must be added  under \"Authorization\" header attribute for secured endpoints. Refer to relevant  endpoints on proper usage."}}},"components":{"schemas":{"connectTokenResponse":{"title":"ConnectTokenResponse","type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"expires_in":{"type":"number"}}}}}}
```

The format of `access_token` is not defined by this specification. They are left to the server and should be opaque to the Service Consumer.

{% hint style="info" %}
According to [RFC 6749](https://tools.ietf.org/html/rfc6749), scopes are case-sensitive.
{% endhint %}