Step 2

​After the end user has completed the consent, E-Consent will redirect the browser to the redirect URI.

​It will append the state and code parameters, e.g. like this: d8c7b407877a46c981a171077480be01&state=722c3292d292486b80eac5c2fc28dcb5

The next step is to do a server-to-server call to get the signed token with the consent proof from E-Consent. This token can be sent to the third party that can use it to access the API.

Below is a code example on how to retrieve this token:


import com.nimbusds.oauth2.sdk.*;

// Parse the authorisation response from the callback URI
AuthorizationResponse response = AuthorizationResponse.parse(callbackURI);

if (!response.indicatesSuccess()) {
  // The request was denied or some error may have occurred

AuthorizationSuccessResponse successResponse = (AuthorizationSuccessResponse) response;

// The returned state parameter must match the one sent in the request
if (!state.equals(successResponse.getState()) {
  // Unexpected or tampered response

AuthorizationCode code = successResponse.getAuthorizationCode();

AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, redirectURI);

// Credentials to authenticate the client at the token endpoint
ClientID clientId = new ClientID("someagreedusername");
Secret clientSecret = new Secret("someagreedsecret");
ClientAuthentication clientAuth = new ClientSecretBasic(clientId, clientSecret);

// Get the token endpoint URL from the discovery endpoint
HTTPResponse response = new HTTPRequest(HTTPRequest.Method.GET, new URL("")).send();
JSONObject discoveryResponse = new JSONObject(response.getContentAsJSONObject().toString());
URL tokenEndpoint = discoveryResponse.get("token_endpoint");

// Make the token request
TokenRequest tokenRequest = new TokenRequest(tokenEndpoint, clientAuth, codeGrant);

HTTPResponse tokenHTTPResponse = tokenRequest.toHTTPRequest().send();

if (200 != tokenHTTPResponse.getStatusCode())) {
   // An error was returned from the endpoint

JSONObject tokenJsonObject = tokenHTTPResp.getContentAsJSONObject();
String token = JSONObjectUtils.getString(tokenJsonObject, "myinsurancetoken");

 Continue to Step 3