Authorization Code

This page describes the OAuth 2.0 authentication process for an Application.

Prerequisites

In order to proceed with the OAuth 2.0 authentication process, you should have received the following information from your Provider: a client_id and a client_secret.

You should also have received from your Provider the FQDN that you will use as the base root for every action detailed below.

For example, if you see the following action:

GET /oauth/authorize

The URI will be

https://provider-FQDN/oauth/authorize

Step 1 - Authorization Request

You should redirect your Users for authentication to the following URL:

Authorization Request

GET https://provider-FQDN/oauth/authorize

Path Parameters

response_type (string): Value must be code, i.e. response_type=code

client_id (string): Value must be the one you've received from your Provider

redirect_uri (string): Value must be one of your registered redirect URIs

scope (string): Value must be one or more scopes, delimited by spaces, each of which must be in the list of your registered scopes. If the parameter is not supplied, the full list of your registered scopes will be used.

state (string): Highly recommended. This can be any value; we will include it unchanged in our response. This helps prevent cross-site request forgery.

Response

Success

If the Authorization Request is accepted, see Step 2.

Error

HTTP 400 response if client_id or redirect_uri is missing.

HTTP redirect to redirect_uri with one of the following values for the error parameter:

unsupported_response_type: if response_type is different from code

invalid_scope: if one or more scopes are not registered

access_denied: if the user refuses the authorization request

Step 2 - Authorization Grant

HTTP redirect to redirect_uri with the following query parameters:

code: this value can only be used once, at Step 3, and is valid for 10 minutes

state: the value from Step 1; if none was specified, the value will be empty

Step 3 - Access Token

Access Token Request

POST https://provider-FQDN/oauth/token

Headers

Content-Type (string): Value must be application/x-www-form-urlencoded

Request Body

grant_type (string): Value must be authorization_code

code (string): Value must be the one received at Step 2

redirect_uri (string): Value must match the redirect_uri supplied at Step 1

client_id (string): Value must be your client id

client_secret (string): Value must be your client secret
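The three steps above, put together as a minimal client in Python. This is an added example and not code from the Provider; it uses only the standard library, sends the Step 1 parameters in the query string (as the sample URL shows), and uses constructed placeholder values for the FQDN, client_id, client_secret and redirect_uri. The state value is generated with a CSPRNG and checked on the callback before the code is accepted, which is what makes the cross-site request forgery protection mentioned in Step 1 effective; a state that an attacker could predict would not help.

```python
# Added example (not the Provider's code): client side of the Authorization Code flow.
# PROVIDER_BASE, CLIENT_ID, CLIENT_SECRET and REDIRECT_URI are constructed placeholders.
import secrets
import urllib.parse
import urllib.request

PROVIDER_BASE = "https://provider-FQDN"            # replace with the FQDN from your Provider
CLIENT_ID = "my-client-id"                          # placeholder: value received from your Provider
CLIENT_SECRET = "my-client-secret"                  # placeholder: keep this server-side only
REDIRECT_URI = "https://app.example.com/callback"   # placeholder: must be a registered redirect URI


def new_state() -> str:
    """Unguessable state value; store it in the user's session before redirecting (Step 1)."""
    return secrets.token_urlsafe(32)


def build_authorization_url(state: str, scopes=None) -> str:
    """Step 1: the URL the user's browser is redirected to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    if scopes:
        params["scope"] = " ".join(scopes)  # space-delimited, as the parameter table says
    return PROVIDER_BASE + "/oauth/authorize?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: validate the redirect back to redirect_uri and return the authorization code.

    Raises ValueError on a state mismatch, an error response, or a missing code.
    """
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    # Check state first: a callback we did not initiate is rejected before anything else.
    if query.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale callback")
    if "error" in query:
        # unsupported_response_type, invalid_scope or access_denied (see Step 1 errors)
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code")
    if not codes:
        raise ValueError("callback carried neither code nor error")
    return codes[0]


def build_token_request(code: str) -> urllib.request.Request:
    """Step 3: form-encoded POST exchanging the one-time code for an access token."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in Step 1
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }).encode()
    return urllib.request.Request(
        PROVIDER_BASE + "/oauth/token",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def exchange_code(code: str) -> bytes:
    """Send the Step 3 request and return the raw response body (network call)."""
    with urllib.request.urlopen(build_token_request(code)) as resp:
        return resp.read()


if __name__ == "__main__":
    # Walk the flow with a constructed callback; no network access is needed up to Step 3.
    state = new_state()
    print("Step 1 redirect:", build_authorization_url(state, ["read", "write"]))
    callback = "https://app.example.com/callback?code=abc123&state=" + state
    code = parse_callback(callback, state)
    print("Step 2 code:", code)
    print("Step 3 body:", build_token_request(code).data.decode())
```

The code must be exchanged once and within 10 minutes, so the callback handler should call exchange_code immediately and never store the code; the client_secret belongs only on the server that performs Step 3.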