The authorize endpoint can be used to request tokens or authorization codes via the browser.
This process typically involves authentication of the end-user and optionally consent.
URL: https://auth.10npay.com/connect/authorize #
Parameters #
client_id (required) #
identifier of the client.
scope (required) #
one or more registered scopes, delimited with space (required)
response_type (required) #
● id_token requests an identity token (only identity scopes are allowed)
● token requests an access token (only resource scopes are allowed)
● id_token token requests an identity token and an access token
● code requests an authorization code
● code id_token requests an authorization code and identity token
● code id_token token requests an authorization code, identity token and access token
response_mode #
● form_post sends the token response as a form post instead of a fragment encoded redirect (optional)
● query sends the token response as a fragment encoded redirect (default)
prompt #
● none no UI will be shown during the request. If this is not possible (e.g. because the user has to sign in or consent) an error is returned
● login the login UI will be shown, even if the user is already signed-in and has a valid session
redirect_url #
must exactly match one of the allowed redirect URIs for that client (required)
state #
Authentication service will echo back the state value on the token response, this is for the round-tripping state between client and provider, correlating request and response and CSRF/replay protection. (recommended)
nonce #
Authentication service will echo back the nonce value in the identity token, this is for replay protection) Required for identity tokens via the implicit grant.
code_challenge #
sends the code challenge for PKCE
code_challenge_method #
● plain indicates that the challenge is using plain text (not recommended)
● S256 indicates the challenge is hashed with SHA256
Sample Request #
GET https://auth.10npay.com/connect/authorize? client_id=client1& scope=openid email api1& response_type=code& response_mode=query& prompt=login&redirect_uri=https://myapp/callback& state=abc& nonce=xyz& code_challenge=jkl& code_challenge_method=S256 |
(URL encoding removed, and line breaks added for readability)