diff --git a/keycloak/keycloak_openid.py b/keycloak/keycloak_openid.py
index 1d6ed28..dff2663 100644
--- a/keycloak/keycloak_openid.py
+++ b/keycloak/keycloak_openid.py
@@ -201,7 +201,37 @@ class KeycloakOpenID:
 data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path),
 data=payload)
 return raise_error_from_response(data_raw, KeycloakGetError)
+
+ def identity_token(self, username="", password="", grant_type=["authorization_code"], code="", redirect_uri="", totp=None, **extra):
+ """
+ The token endpoint is used to obtain tokens. Tokens can either be obtained by
+ exchanging an authorization code or by supplying credentials directly depending on
+ what flow is used. The token endpoint is also used to obtain new access tokens
+ when they expire.
+ http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
+ :param username:
+ :param password:
+ :param grant_type:
+ :param code:
+ :param redirect_uri
+ :param totp
+ :return:
+ """
+ params_path = {"realm-name": self.realm_name}
+ payload = {"username": username, "password": password,
+ "client_id": self.client_id, "grant_type": grant_type,
+ "code": code, "redirect_uri": redirect_uri}
+ if extra:
+ payload.update(extra)
+
+ if totp:
+ payload["totp"] = totp
+ payload = self._add_secret_key(payload)
+ data_raw = self.connection.raw_post(URL_TOKEN.format(**params_path),
+ data=payload)
+ return raise_error_from_response(data_raw, KeycloakGetError)
+
 def refresh_token(self, refresh_token, grant_type=["refresh_token"]):
 """
 The token endpoint is used to obtain tokens. Tokens can either be obtained by
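Review bot: `payload.update(extra)` in `identity_token` runs after the fixed fields are set, so any keyword a caller forwards through `**extra` silently replaces `client_id`, `grant_type`, `code` or `redirect_uri`; if an application ever passes request parameters through, the token request is no longer the one the method's arguments describe. Merging the other way keeps the explicit arguments authoritative: `payload = dict(extra, **payload)`. The payload also always carries `username` and `password`, even as empty strings on the default `authorization_code` grant, so consider dropping unset fields with `payload = {k: v for k, v in payload.items() if v}` before `_add_secret_key` is applied. The docstring repeats the generic token-endpoint text, leaves every `:param` blank (`:param redirect_uri` and `:param totp` also lack the trailing colon) and does not mention `**extra`; it should say which fields belong to which grant type.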