2.2.3.2 assertion
-
POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type={grant_type}&client_id={client_id}&redirect_uri={redirect_uri}&requested_token_use={requested_token_use}&assertion={assertion}&resource={resource}
OPTIONAL
The assertion parameter is optional, and can be specified by the client role of the OAuth 2.0 Protocol Extensions in the POST body when making a request to the token endpoint (section 3.2.5.2). The client provides an access token previously received from the AD FS server in the assertion parameter when making an OAuth on-behalf-of request or an OAuth logon certificate request.
The AD FS server ignores this parameter unless its ad_fs_behavior_level is AD_FS_BEHAVIOR_LEVEL_2 or higher.
For an example of the assertion parameter being used, see section 4.7.
The format for the assertion parameter is as follows.
-
String = *(%x20-7E) assertion = String