2.2.10 Token Request Message
The Token Request message is sent by the client to the authentication server to retrieve a new partner token. The request MUST contain the challenge from the Partner Server Challenge message the client just received. The challenge itself is opaque to the client and is outside the Passport SSI Version 1.4 Protocol. If the client already has an authentication token, it MUST be passed automatically to the authentication server in an HTTP cookie.
-
Token-Request-Message = "Authorization:" scheme 1*SP "tname=," OrgVerb "," OrgUrl "," challenge
The parameters from the Authentication Server Challenge message MUST NOT have names from the preceding list.
Example:
-
Authorization: Passport1.4 tname=,OrgVerb=GET,OrgUrl= https://partner.example.com/auth.asp,param1,param2
Note The challenge, as in the preceding example, can be any number of comma-separated elements, as specified in section 2.2.1.