> For the complete documentation index, see [llms.txt](https://docs.fewlines.co/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.fewlines.co/connect/authorization-flow.md).

# Authorization Code

## Prerequisites

In order to proceed with the OAuth 2.0 authentication process, you should have received the following information from your Provider: `client_id`, `client_secret`.

You should also have received from your Provider the FQDN that you will use as the base root for every action detailed below.

For example, if you see the following action:

```
GET /oauth/authorize
```

The URI will be

```
https://provider-FQDN/oauth/authorize
```

## Step 1 - Authorization Request

You should redirect your Users for authentication to the following URL

## Authorization Request

<mark style="color:blue;">`GET`</mark> `https://provider-FQDN/oauth/authorize`

#### Path Parameters

| Name           | Type   | Description                                                                                                                                                                                                                     |
| -------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| response\_type | string | Value must be `code`. i.e. `response_type=code`                                                                                                                                                                                 |
| client\_id     | string | Value must be the one you've received from your Provider                                                                                                                                                                        |
| redirect\_uri  | string | Value must be one of your registered redirect URIs                                                                                                                                                                              |
| scope          | string | <p>Value must be one or multiple scopes, delimited by spaces, that should be included in the list of your registered scopes.<br><br>If the parameter is not supplied, the full list of your registered scopes will be used.</p> |
| state          | string | Highly **recommended**. This can be any value. We will include this value in our response. This helps prevent cross-site request forgery.                                                                                       |

{% tabs %}
{% tab title="302 " %}

```http
# See Response section below
```

{% endtab %}
{% endtabs %}

### Response

#### Sucess

If the Authorization Request is accepted, see [Step 2](/master.md#step-2-authorization-grant)

#### Error

HTTP 400 Response if `client_id` or `redirect_uri` are missing.

HTTP Redirect to `redirect_uri` with the following values for the `error` parameter

| name                        | detail                                            |
| --------------------------- | ------------------------------------------------- |
| `unsupported_response_type` | if `response_type` is different than `code`       |
| `invalid_scope`             | if one or several scopes are not registered       |
| `access_denied`             | if user refuses the authorization request process |

## Step 2 - Authorization Grant

HTTP Redirect to redirect\_uri with the following query parameters

| name    | detail                                                                                                   |
| ------- | -------------------------------------------------------------------------------------------------------- |
| `code`  | this value can only be used once at [Step 3](/master.md#step-3-access-token) and is valid for 10 minutes |
| `state` | value from step 1, if not specified, value will be empty                                                 |

## Step 3 - Access Token

## Access Token Request

<mark style="color:green;">`POST`</mark> `https://provider-FQDN/oauth/token`

#### Headers

| Name         | Type   | Description                                       |
| ------------ | ------ | ------------------------------------------------- |
| Content-Type | string | Value must be `application/x-www-form-urlencoded` |

#### Request Body

| Name           | Type   | Description                                           |
| -------------- | ------ | ----------------------------------------------------- |
| grant\_type    | string | Value must be authorization\_code                     |
| code           | string | Value must be the one received at step 2              |
| redirect\_uri  | string | Value must match the redirect\_uri supplied at step 1 |
| client\_id     | string | Value must be your client id                          |
| client\_secret | string | Value must be your client secret                      |

{% tabs %}
{% tab title="200 " %}

```
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fewlines.co/connect/authorization-flow.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.