How does one turn an authorization code into a jwt?

This is my interpretation of what should work based on feedback and the API Recommended Practices page.

The JWT is fetched using OAuth token from the older API.

My (not working) process:

  1. My client gets an authorization code from the user’s interaction with (referal response header). working.

  2. My client uses the authorization code to get an access_token from (post json with code from response header in request, json response containing access_token value in response). working.

  3. Presumably the next step is to use the access token to get a JWT from This is where I break. If this is the right track, what is the protocol for doing this? How do I pass the access_token value to the api_token end point? I futzed around and kept getting sent to the sign-in page.

I tried bypassing step 2 and using the working post of step 2 to This gets me a 404, so not the thing.

Where am I going wrong?

1 Like

this is a snippet of what i do in javascript:

   var endpoint = {method:'GET',url:urlbase_iNat+'/users/api_token'};
   var hdr = new Headers();
   hdr.append('Authorization',('Bearer '+accesstoken));

   return fetch(endpoint.url, {
      method: endpoint.method,
      headers: hdr,
   .then((data) => {
      return data.api_token;

Ahh! But of course! Use the standard, Luke!

Thanks for all your help. The logjam is cleared. Much appreciated!


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.