# Access token (M2M)

{% hint style="info" %}
***This page must be considered part of the iSHARE Framework***

*This page is considered normative and is therefore compliant with RFC 2119.*
{% endhint %}

## Obtains access token

> Used to obtain an OAuth access token from a Participant Registry, Authorization Registry or Service Provider. The access token must be added  under "Authorization" header attribute for secured endpoints. Refer to relevant  endpoints on proper usage.

```json
{"openapi":"3.0.0","info":{"title":"generic iSHARE API specifications","version":"2.1.1"},"tags":[{"name":"Participant Registry","description":"Endpoints that form the iSHARE Participant Registry API specification."},{"name":"Service Provider","description":"Endpoints that form the Service Provider API specification."},{"name":"Authorisation Registry","description":"Endpoints that form the Authorisation Registry API specification."}],"servers":[{"description":"iSHARE UAT network base domain","url":"https://isharetest.net"},{"description":"iSHARE TEST network base domain","url":"https://test.ishareworks.nl"}],"paths":{"/[v2.1.1]/connect/token":{"post":{"requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"required":["grant_type","scope","client_id","client_assertion_type","client_assertion"],"type":"object","properties":{"grant_type":{"description":"OAuth 2.0 grant type. MUST contain “client_credentials”","type":"string"},"scope":{"description":"OAuth 2.0 scope. MUST contain iSHARE scope value. Other values allow the Service Consumer to get tokens that do not include all rights the Service Consumer has. According to RFC 6749, scopes are case-sensitive.","type":"string"},"client_id":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid party identifier of the Service Consumer","type":"string"},"client_assertion_type":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain “urn:ietf:params:oauth:client-assertion-type:jwt-bearer”","type":"string"},"client_assertion":{"description":"Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.","type":"string"}}}}},"required":true},"tags":["Participant Registry","Authorisation Registry","Service Provider"],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ConnectTokenResponse"}}},"description":"OK"}},"deprecated":false,"operationId":"/connect/token","summary":"Obtains access token","description":"Used to obtain an OAuth access token from a Participant Registry, Authorization Registry or Service Provider. The access token must be added  under \"Authorization\" header attribute for secured endpoints. Refer to relevant  endpoints on proper usage."}}},"components":{"schemas":{"ConnectTokenResponse":{"title":"ConnectTokenResponse","type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"expires_in":{"type":"number"}}}}}}
```

The format of `access_token` is not defined by this specification. They are left to the server and should be opaque to the Service Consumer.

{% hint style="info" %}
According to [RFC 6749](https://tools.ietf.org/html/rfc6749), scopes are case-sensitive.
{% endhint %}