2.2.3.1 requested_token_use
-
POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type={grant_type}&client_id={client_id}&redirect_uri={redirect_uri}&requested_token_use={requested_token_use}&assertion={assertion}&resource={resource}
OPTIONAL
The requested_token_use parameter is optional, and can be specified by the client role of the OAuth 2.0 Protocol Extensions in the POST body when making a request to the token endpoint (section 3.2.5.2). The client provides a value of "on_behalf_of" to indicate that the request should be processed as an OAuth on-behalf-of request and a value of "logon_cert" to indicate that the request should be processed as an OAuth logon certificate request.
The AD FS server ignores this parameter unless its ad_fs_behavior_level is AD_FS_BEHAVIOR_LEVEL_2 or higher.
For an example of the requested_token_use parameter being used, see section 4.7.
The format for the requested_token_use parameter is as follows.
-
String = *(%x20-7E) requested_token_use = String