---
title: How to Create an OIDC Provider Token
url: https://docs.vultr.com/platform/iam/oidc/oidc-providers/how-to-create-an-oidc-provider-token
description: Generate an authentication token from an OIDC provider in Vultr IAM. Obtain temporary credentials for accessing cloud resources through federated identity.
publish_date: 2026-03-24T19:52:55.872584Z
last_updated: 2026-06-01T20:54:47.431525Z
---

Creating an OIDC provider token exchanges an authorization code for access and ID tokens using the standard OAuth2 authorization code flow. This is the token endpoint that external systems call after a user completes authentication through the provider's authorization endpoint.

This guide explains how to create an OIDC provider token using the Vultr API.

1. Send a `GET` request to the [**List OIDC Providers** endpoint](https://www.vultr.com/api/#tag/oidc/operation/list-oidc-providers) to retrieve all providers.

    ```console
    $ curl "https://api.vultr.com/v2/oidc/provider" \
        -X GET \
        -H "Authorization: Bearer ${VULTR_API_KEY}"
    ```

    Note the `id` of the provider for which you want to create a token.

1. Send a `GET` request to the [**OIDC Provider Discovery** endpoint](https://www.vultr.com/api/#tag/oidc/operation/get-oidc-provider-discovery) to retrieve the provider's authorization URL. Replace `{provider-id}` with the provider id.

    ```console
    $ curl "https://api.vultr.com/v2/oidc/provider/{provider-id}/.well-known/openid-configuration" \
        -X GET \
        -H "Authorization: Bearer ${VULTR_API_KEY}"
    ```

    Note the `authorization_endpoint` URL from the response. Direct the user to this URL to authenticate. After the user authenticates, the authorization server redirects to the configured `redirect_uri` with an authorization `code`.

1. Send a `POST` request to the [**Create OIDC Provider Token** endpoint](https://www.vultr.com/api/#tag/oidc/operation/create-oidc-provider-token) to exchange the authorization code for tokens. Replace `{provider-id}` with the provider id, `AUTH-CODE` with the authorization code, and `REDIRECT-URI` with the redirect URI configured for the client.

    ```console
    $ curl "https://api.vultr.com/v2/oidc/provider/{provider-id}/token" \
        -X POST \
        -H "Authorization: Bearer ${VULTR_API_KEY}" \
        -H "Content-Type: application/json" \
        -d '{
            "grant_type": "authorization_code",
            "code": "AUTH-CODE",
            "redirect_url": "REDIRECT-URI"
        }'
    ```

    A successful request returns an HTTP `201 Created` response.