Authorization Endpoint

POST {{url}}/oauth/authorize

parameters:

  • name: response_type
    content: REQUIRED. This value MUST be code. This requests that both an Access Token and an ID Token be returned from the Token Endpoint in exchange for the code value returned from the Authorization Endpoint.
  • name: client_id
    content: REQUIRED. Client Identifier provided by the PRIVO administrator.
  • name: scope
    content: OPTIONAL. OpenID scope value. The following scope values are supported: openid, profile, email, address, phone, user_profile, additional_info.
  • name: redirect_uri
    content: REQUIRED. The client Redirection URI to which the response will be sent. This URI must exactly match one of the pre-registered Redirection URI values.
  • name: state
    content: RECOMMENDED. Opaque value used to maintain state between the request and the callback.
  • name: nonce
    content: OPTIONAL. String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
  • name: login_hint
    content: OPTIONAL. Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
  • name: prompt
    content: Prompts the End-User for reauthentication and consent. The following values are supported: none, login, consent, select_account.

Start the authorization flow. For more information, refer to the Authorization Grant Documentation.

Sample Authorization Request:

{{url}}/oauth/authorize?
  response_type=id_token%20token
  &client_id=someClientId
  &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
  &scope=openid%20profile%20user_profile%20additional_info
  &state=af0ifjsldkj
  &nonce=n-0S6_WzA2Mj

Sample Response (HTTP redirect to the Redirection URI):

HTTP/1.1 302 Found
Location: https://client.example.org/cb?
  access_token=eyJhbGciOiJSUzIi.......3gZthv7Y
  &token_type=bearer
  &id_token=eyJhbGciOiJSUzIi.......m5cr2cNNk
  &expires_in=599
  &state=af0ifjsldkj
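As an added example, not part of the PRIVO documentation, the following Python client puts the parameters above to use: it builds the authorization request with fresh state and nonce values, refuses a redirect_uri that is not pre-registered, checks the state on the callback, and binds the returned ID Token to the session through the nonce. The endpoint (standing in for {{url}}/oauth/authorize), issuer, client id and the unsigned sample token are constructed placeholders; signature verification of a real ID Token against the provider's keys is a separate, mandatory step that the example leaves to a JOSE library.

```python
import base64
import hmac
import json
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs, quote

# Constructed client configuration for the demo. AUTHORIZE_URL stands in for
# the page's {{url}}/oauth/authorize; the issuer and client id are placeholders.
AUTHORIZE_URL = "https://issuer.example/oauth/authorize"
ISSUER = "https://issuer.example"
CLIENT_ID = "someClientId"
REGISTERED_REDIRECT_URIS = {"https://client.example.org/cb"}


def build_authorization_request(redirect_uri, scope=("openid",), prompt=None, login_hint=None):
    """Build the authorization URL and return it with the per-request secrets.

    The returned `pending` dict (state, nonce) belongs in the user's session so
    the callback and the ID Token can be checked against it later.
    """
    # The server only accepts exactly pre-registered values; refuse early.
    if redirect_uri not in REGISTERED_REDIRECT_URIS:
        raise ValueError("redirect_uri must exactly match a pre-registered value")
    pending = {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16)}
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scope),
        "state": pending["state"],
        "nonce": pending["nonce"],
    }
    if prompt:
        params["prompt"] = prompt
    if login_hint:
        params["login_hint"] = login_hint
    # quote_via=quote encodes spaces as %20, as in the page's sample request.
    return AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote), pending


def validate_callback(location, pending):
    """Check the redirect the authorization server sent the browser back with.

    Returns the callback parameters once `state` matches the stored value and
    raises ValueError otherwise. Parses the query-string form shown on the page.
    """
    parts = urlsplit(location)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" not in REGISTERED_REDIRECT_URIS:
        raise ValueError("callback arrived at an unregistered redirect_uri")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "error" in params:
        raise ValueError(f"authorization server returned error: {params['error']}")
    # Constant-time comparison; a mismatch means a forged or stale callback.
    if not hmac.compare_digest(params.get("state", "").encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    return params


def jwt_claims_unverified(id_token):
    """Decode the payload of a compact JWT WITHOUT checking its signature.

    Verify the signature with a JOSE library against the provider's published
    keys before trusting any claim; that step is outside this example.
    """
    _header, payload, _signature = id_token.split(".")
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_id_token_claims(claims, pending, now=None):
    """Bind the ID Token to this client and to the login attempt that started the flow."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    # The nonce ties the token to the session that requested it, which is what
    # defeats replay of an ID Token captured from another session.
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), pending["nonce"].encode()):
        raise ValueError("nonce mismatch")
    return True


def sample_id_token(nonce, exp_offset=600):
    """Constructed, UNSIGNED sample token for the offline demo only; not a real
    PRIVO token. The third segment is a placeholder, not a signature."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-123",
              "exp": int(time.time()) + exp_offset, "nonce": nonce}
    return f"{b64({'typ': 'JWT'})}.{b64(claims)}.unsigned-demo"


if __name__ == "__main__":
    url, pending = build_authorization_request(
        "https://client.example.org/cb", scope=("openid", "profile", "user_profile"))
    print(url)
    callback = f"https://client.example.org/cb?code=constructed-code&state={pending['state']}"
    print(validate_callback(callback, pending))
    print(check_id_token_claims(jwt_claims_unverified(sample_id_token(pending["nonce"])), pending))
```

Store `pending` server-side and discard it after one callback, so a captured redirect cannot be replayed; both the state and nonce comparisons are constant-time so a mismatch leaks nothing about the stored values.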