To obtain permissions from {project_name} you send an authorization request to the token endpoint. As a result, {project_name} will
evaluate all policies associated with the resource(s) and scope(s) being requested and issue an RPT with all permissions
granted by the server.
Clients are allowed to send authorization requests to the token endpoint using the following parameters:
* *grant_type*
+
This parameter is *required*. Must be `urn:ietf:params:oauth:grant-type:uma-ticket`.
+
* **ticket**
+
This parameter is *optional*. The most recent permission ticket received by the client as part of the UMA authorization process.
+
* **claim_token**
+
This parameter is *optional*. A string representing additional claims that should be considered by the server when evaluating
permissions for the resource(s) and scope(s) being requested. This parameter allow clients to push claims to {project_name}. For more details about all supported token formats see `claim_token_format` parameter.
formats: `urn:ietf:params:oauth:token-type:jwt` and `https://openid.net/specs/openid-connect-core-1_0.html#IDToken`. The `urn:ietf:params:oauth:token-type:jwt` format
indicates that the `claim_token` parameter references an access token. The `https://openid.net/specs/openid-connect-core-1_0.html#IDToken` indicates that the
This parameter is *optional*. A string representing a set of one or more resources and scopes the client is seeking access. This parameter can be defined multiple times
in order to request permission for multiple resource and scopes. This parameter is an extension to `urn:ietf:params:oauth:grant-type:uma-ticket` grant type in order to allow clients to send authorization requests without a
permission ticket. The format of the string must be: `RESOURCE_ID#SCOPE_ID`. For instance: `Resource A#Scope A`, `Resource A#Scope A, Scope B, Scope C`, `Resource A`, `#Scope A`.
+
* **audience**
+
This parameter is *optional*. The client identifier of the resource server to which the client is seeking access. This parameter is mandatory
in case the `permission` parameter is defined. It serves as a hint to {project_name} to indicate the context in which permissions should be evaluated.
+
* **response_include_resource_name**
+
This parameter is *optional*. A boolean value indicating to the server whether resource names should be included in the RPT's permissions. if false, only the resource
identifier is included.
+
* **response_permissions_limit**
+
This parameter is *optional*. An integer N that defines a limit for the amount of permissions an RPT can have. When used together with
`rpt` parameter, only the last N requested permissions will be kept in the RPT.
+
* **submit_request**
+
This parameter is *optional*. A boolean value indicating whether the server should create permission requests to the resources and scopes referenced by a permission ticket.
This parameter only have effect if used together with the `ticket` parameter as part of a UMA authorization process.
This parameter is *optional*. A string value indicating how the server should respond to authorization requests. This parameter is specially useful when
you are mainly interested in either the overall decision or the permissions granted by the server, instead of an standard OAuth2 response. Possible values are:
+
*** `decision`
+
Indicates that responses from the server should only represent the overall decision by returning a JSON with the following format:
+
```json
{
'result': true
}
```
+
If the authorization request does not map to any permission, a `403` HTTP status code is returned instead.
+
*** `permissions`
+
Indicates that responses from the server should contain any permission granted by the server by returning a JSON with the following format:
+
```json
[
{
'rsid': 'My Resource'
'scopes': ['view', 'update']
},
...
]
```
+
If the authorization request does not map to any permission, a `403` HTTP status code is returned instead.