# Authorization Code

## Prerequisites

To run the OAuth 2.0 Authorization Code flow, you should have received two values from your Provider: a `client_id` and a `client_secret`.

You should also have received from your Provider the FQDN that you will use as the base root for every action detailed below.

For example, if you see the following action:

```
GET /oauth/authorize
```

the full URI is:

```
https://provider-FQDN/oauth/authorize
```

## Step 1 - Authorization Request

To start the authentication process, redirect your Users to the following URL, with the query parameters listed below:

## Authorization Request

<mark style="color:blue;">`GET`</mark> `https://provider-FQDN/oauth/authorize`

#### Path Parameters

| Name           | Type   | Description                                                                                                                                                                                                                     |
| -------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| response\_type | string | Value must be `code`. i.e. `response_type=code`                                                                                                                                                                                 |
| client\_id     | string | Value must be the one you've received from your Provider                                                                                                                                                                        |
| redirect\_uri  | string | Value must be one of your registered redirect URIs                                                                                                                                                                              |
| scope          | string | <p>Value must be one or multiple scopes, delimited by spaces, that should be included in the list of your registered scopes.<br><br>If the parameter is not supplied, the full list of your registered scopes will be used.</p> |
| state          | string | Highly **recommended**. This can be any value; it is echoed back unchanged in the response, so your application can tie the callback to the request it initiated. This helps prevent cross-site request forgery.                    |

{% tabs %}
{% tab title="302 " %}

```http
# See Response section below
```

{% endtab %}
{% endtabs %}

### Response

#### Success

If the Authorization Request is accepted, see [Step 2](https://docs.fewlines.co/master#step-2-authorization-grant)

#### Error

HTTP 400 response if `client_id` or `redirect_uri` is missing.

Otherwise, an HTTP redirect to `redirect_uri` with one of the following values in the `error` parameter:

| name                        | detail                                            |
| --------------------------- | ------------------------------------------------- |
| `unsupported_response_type` | if `response_type` is not `code`                  |
| `invalid_scope`             | if one or several scopes are not registered       |
| `access_denied`             | if user refuses the authorization request process |

## Step 2 - Authorization Grant

HTTP redirect to `redirect_uri` with the following query parameters:

| name    | detail                                                                                                                        |
| ------- | ----------------------------------------------------------------------------------------------------------------------------- |
| `code`  | single-use value: it can be exchanged only once at [Step 3](https://docs.fewlines.co/master#step-3-access-token) and is valid for 10 minutes |
| `state` | the value sent at Step 1; empty if none was supplied                                                                          |

## Step 3 - Access Token

## Access Token Request

<mark style="color:green;">`POST`</mark> `https://provider-FQDN/oauth/token`

#### Headers

| Name         | Type   | Description                                       |
| ------------ | ------ | ------------------------------------------------- |
| Content-Type | string | Value must be `application/x-www-form-urlencoded` |

#### Request Body

| Name           | Type   | Description                                           |
| -------------- | ------ | ----------------------------------------------------- |
| grant\_type    | string | Value must be `authorization_code`                    |
| code           | string | Value must be the one received at step 2              |
| redirect\_uri  | string | Value must match the redirect\_uri supplied at step 1 |
| client\_id     | string | Value must be your client id                          |
| client\_secret | string | Value must be your client secret                      |

{% tabs %}
{% tab title="200 " %}

```
```

{% endtab %}
{% endtabs %}
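The three steps above, written as client-side helpers, as an added example that is not part of this page or the Provider's own SDK. It uses the page's `https://provider-FQDN` placeholder as the base URL, assumes the token endpoint answers with a JSON body (this page does not show the 200 response), and all function names are mine. The `state` handling shows the cross-site request forgery check the `state` parameter exists for: the value is generated per request, kept server-side, and compared with the one echoed back before the `code` is accepted.

```python
"""Client helpers for the Authorization Code flow (added example, not the Provider's code).

Assumptions: base URL is the page's placeholder https://provider-FQDN; the token
endpoint returns JSON (the page does not show its 200 body); function names are
hypothetical.
"""
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_PATH = "/oauth/authorize"
TOKEN_PATH = "/oauth/token"


class AuthorizationError(Exception):
    """Raised when the redirect back to redirect_uri cannot be trusted or carries an error."""


def generate_state():
    """Per-request, unguessable state. Store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorization_url(base_url, client_id, redirect_uri, state, scope=None):
    """Step 1: the URL to send the User to. `scope` is a list of scope names; when it is
    None the parameter is omitted and the Provider uses all registered scopes."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if scope:
        params["scope"] = " ".join(scope)  # space-delimited, as the table specifies
    return f"{base_url.rstrip('/')}{AUTHORIZE_PATH}?{urlencode(params)}"


def parse_authorization_response(callback_url, expected_state):
    """Step 2: pull `code` out of the redirect to redirect_uri.

    Rejects the callback when `state` does not match the value stored at Step 1
    (possible cross-site request forgery) or when the Provider returned `error`.
    """
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time comparison on bytes; compare_digest only accepts ASCII str.
    if not expected_state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise AuthorizationError("state mismatch: possible cross-site request forgery")
    if "error" in query:
        # One of unsupported_response_type, invalid_scope, access_denied per the error table
        raise AuthorizationError(query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise AuthorizationError("missing authorization code")
    return codes[0]


def build_token_request(base_url, code, redirect_uri, client_id, client_secret):
    """Step 3: form-encoded POST to /oauth/token. redirect_uri must equal the Step 1 value."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}{TOKEN_PATH}",
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def exchange_code(request, opener=urllib.request.urlopen):
    """Send the Step 3 request and decode the JSON body (assumed format, see module docstring).
    `opener` is injectable so the exchange can be exercised without network access."""
    with opener(request) as resp:
        return json.loads(resp.read())
```

Typical use: call `generate_state()`, store the result in the session, redirect to `build_authorization_url(...)`; on the callback, pass the full callback URL and the stored state to `parse_authorization_response(...)`, then `exchange_code(build_token_request(...))`. Because the `code` is single-use and short-lived, the exchange should happen immediately on the callback rather than being queued.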
