Authorize Endpoint

The authorize endpoint can be used to request tokens or authorization codes via the browser.

This process typically involves authentication of the end-user and optionally consent.

URL: #

Parameters

client_id (required)

identifier of the client.

scope (required)

one or more registered scopes, separated by spaces (required)

response_type (required)

● id_token: requests an identity token (only identity scopes are allowed)

● token: requests an access token (only resource scopes are allowed)

● id_token token: requests an identity token and an access token

● code: requests an authorization code

● code id_token: requests an authorization code and identity token

● code id_token token: requests an authorization code, identity token and access token

response_mode

● form_post: sends the token response as a form post instead of a fragment encoded redirect (optional)

● query: sends the token response as a fragment encoded redirect (default)

prompt

● none: no UI will be shown during the request. If this is not possible (e.g. because the user has to sign in or consent) an error is returned

● login: the login UI will be shown, even if the user is already signed-in and has a valid session

redirect_url

must exactly match one of the allowed redirect URIs for that client (required)

state

The authentication service echoes back the state value on the token response. This is for round-tripping state between client and provider, correlating request and response, and CSRF/replay protection. (recommended)

nonce

The authentication service echoes back the nonce value in the identity token. This is for replay protection. Required for identity tokens via the implicit grant.

code_challenge

sends the code challenge for PKCE

code_challenge_method

● plain: indicates that the challenge is using plain text (not recommended)

● S256: indicates the challenge is hashed with SHA256

Sample Request

    scope=openid email api1&

(URL encoding removed, and line breaks added for readability)
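
The following Python example is added here and is not code from the original page or from the service it describes. It builds an authorization code request with state, nonce and an S256 PKCE challenge, then checks the echoed state on the callback; the endpoint URL, client id and redirect URL are hypothetical placeholders, because the page does not give them.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical values: the page does not give the endpoint URL or a client.
AUTHORIZE_URL = "https://auth.example.test/authorize"
CLIENT_ID = "example-client"
REDIRECT_URL = "https://app.example.test/callback"

def b64url(raw: bytes) -> str:
    """Base64url without padding, the encoding PKCE (RFC 7636) uses."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def s256_challenge(code_verifier: str) -> str:
    """code_challenge value for code_challenge_method=S256."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())

def build_authorize_request(scope: str = "openid email api1"):
    """Return (url, session); session holds values the client keeps private."""
    session = {
        "state": b64url(secrets.token_bytes(32)),
        "nonce": b64url(secrets.token_bytes(32)),  # compare with the id token later
        "code_verifier": b64url(secrets.token_bytes(32)),  # 43 characters
    }
    params = {
        "client_id": CLIENT_ID,
        "scope": scope,
        "response_type": "code",
        "redirect_url": REDIRECT_URL,  # name as listed on this page (RFC 6749: redirect_uri)
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), session

def check_callback(callback_url: str, session: dict) -> str:
    """Return the authorization code only if the echoed state matches."""
    parts = urlsplit(callback_url)
    query = parse_qs(parts.query or parts.fragment)  # accept either encoding
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]
```

The code_verifier never appears in the authorize URL; only its SHA-256 digest does, and the verifier is sent later when the code is redeemed.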
