Function fetchAccessToken

fetchAccessToken(
    __namedParameters: FetchAccessTokenParams,
    config: FetchAccessTokenConfig,
): Promise<
    {
        access_token: string;
        expires_in: number;
        refresh_token: string;
        token_type: string;
    },
>
Exchanges an authorization code for access token data at the token endpoint.

Why (Security)
PKCE and DPoP binding reduce stolen code redemption and token replay.

Specifications
- RFC 6749 (OAuth 2.0 Authorization Framework) Section 4.1.3, access token request
- RFC 6749 (OAuth 2.0 Authorization Framework) Section 5.1, access token response
- RFC 7636 (Proof Key for Code Exchange by OAuth Public Clients) Section 4.5, PKCE token request checks
- RFC 9449 (OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)) Section 7, DPoP at token endpoint
Parameters
- __namedParameters: FetchAccessTokenParams
- config: FetchAccessTokenConfig
Returns Promise<
    {
        access_token: string;
        expires_in: number;
        refresh_token: string;
        token_type: string;
    },
>
- Defined in packages/client-core/src/statements/tokens/fetchAccessToken.ts:37