Authorization Endpoint
POST {{url}}/oauth/authorize
parameters:
- name: response_type
content: REQUIRED. This value MUST be code. This requests that both an Access Token and an ID Token be returned from the Token Endpoint in exchange for the code value returned from the Authorization Endpoint.
- name: client_id
content: REQUIRED. Client Identifier provided by the PRIVO administrator.
- name: scope
content: "OPTIONAL. OpenID scope value. The following scope values are supported: openid, profile, email, address, phone, user_profile, additional_info."
- name: redirect_uri
content: REQUIRED. The client Redirection URI to which the response will be sent. This URI must exactly match one of the pre-registered Redirection URI values.
- name: state
content: RECOMMENDED. Opaque value used to maintain state between the request and the callback.
- name: nonce
content: OPTIONAL. String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
- name: login_hint
content: OPTIONAL. Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
- name: prompt
content: "Prompts the End-User for reauthentication and consent. The following values are supported: none, login, consent, select_account."
Start the authorization flow. For more information, refer to the Authorization Grant Documentation.
Sample Authorization Request:
{{url}}/oauth/authorize?
response_type=id_token%20token
&client_id=someClientId
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
&scope=openid%20profile%20user_profile%20additional_info
&state=af0ifjsldkj
&nonce=n-0S6_WzA2Mj
Sample JSON Response:
HTTP/1.1 302 Found
Location: https://client.example.org/cb?
access_token=eyJhbGciOiJSUzIi.......3gZthv7Y
&token_type=bearer
&id_token=eyJhbGciOiJSUzIi.......m5cr2cNNk
&expires_in=599
&state=af0ifjsldkj
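
Client-side handling of the state and nonce parameters described above, as an added example that is not part of the PRIVO documentation. The function names, the session dictionary and the base URL are hypothetical, and the ID Token claims are assumed to come from a token whose signature has already been verified elsewhere.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit


def _same(expected, received):
    """Constant-time comparison that also rejects a missing expected value."""
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), str(received).encode())


def build_authorization_url(base_url, client_id, redirect_uri, scope, session):
    """Build the request URL and bind a fresh state and nonce to this session."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # unguessable, per request
    session["oauth_nonce"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must exactly match a pre-registered URI
        "scope": scope,
        "state": session["oauth_state"],
        "nonce": session["oauth_nonce"],
    }, quote_via=quote)  # encodes spaces as %20, as in the sample request
    return f"{base_url}/oauth/authorize?{query}"


def check_callback_state(callback_url, session):
    """Return the callback parameters if state matches this session, else raise."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    if not _same(expected, params.get("state", "")):
        raise ValueError("state mismatch: callback is not bound to this session")
    return params


def check_id_token_nonce(verified_claims, session):
    """Check the nonce claim of an ID Token whose signature is already verified."""
    expected = session.pop("oauth_nonce", None)
    if not _same(expected, verified_claims.get("nonce", "")):
        raise ValueError("nonce mismatch: ID Token was not issued for this session")
    return True
```

Both values are removed from the session when checked, so a second callback carrying the same state or an ID Token carrying the same nonce is rejected.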