Authorize a user
Authorization
usernamePassword Authorization requests (oauth)
In: header
Query Parameters
A space delimited list of Authentication Class References. This can be used to specify certain authentication methods or level of assurance that is required for the authentication. For example, you could use this to require multi-factor authentication.
The client ID of the application that is requesting authorization. This is a required parameter and must match the client ID of a registered application.
The code challenge is a cryptographic string used in the PKCE (Proof Key for Code Exchange) flow to enhance security.
The code challenge method is used in conjunction with the code challenge in the PKCE flow. It specifies the method used to generate the code challenge. Common values are "S256" for SHA-256 hashing and "plain" for no hashing.
The display parameter is used to specify how the authorization server should display the authentication and consent user interface. Common values include "page" for a full-page display, "popup" for a popup window, and "touch" for a mobile-optimized display.
The ID token hint is a previously issued ID token that can be used to pre-fill the authentication form or to provide information about the user to the authorization server. This can be useful for single sign-on scenarios or for providing a smoother user experience.
The login hint is a hint to the authorization server about the login identifier of the user. This can be used to pre-fill the username or email field in the authentication form, making it easier for the user to log in.
The max age parameter specifies the maximum amount of time in seconds that has passed since the user last authenticated. If the user has not authenticated within this time frame, they will be required to re-authenticate.
The nonce parameter is a random string that is used to associate a client session with an ID token and to mitigate replay attacks. The authorization server should include this value in the ID token that it issues, and the client should verify that the value in the ID token matches the value it sent in the authorization request.
The prompt parameter is used to specify whether the authorization server should prompt the user for re-authentication and consent. Common values include "none" for no prompts, "login" to prompt for re-authentication, "consent" to prompt for user consent, and "select_account" to prompt the user to select an account if they are logged in with multiple accounts.
The redirect URI is the URI to which the authorization server will redirect the user after they have authorized or denied the request. This must match one of the redirect URIs registered for the client application.
The response mode parameter specifies how the authorization server should return the authorization response. Common values include "query" to return parameters in the query string, "fragment" to return parameters in the URL fragment, and "form_post" to return parameters in an HTTP POST request.
The response type parameter specifies the type of response that the client is expecting from the authorization server. Common values include "code" for the authorization code flow, "token" for the implicit flow, and "id_token" for OpenID Connect authentication.
The scope parameter is used to specify the permissions that the client is requesting from the user. This is a space-delimited list of scope values, and the authorization server will use this information to determine what access to grant to the client application.
The state parameter is a random string that is used to maintain state between the authorization request and the callback. It is used to prevent cross-site request forgery (CSRF) attacks by ensuring that the response received from the authorization server corresponds to the request that was sent.
The ui_locales parameter is used to specify the preferred languages and scripts for the user interface that the authorization server should display. This is a space-delimited list of BCP47 language tag values, and it can be used to provide a localized user experience for users from different regions and language preferences.
Response Body
application/json
application/json
curl -X GET "https://example.com/auth/authorize?client_id=string&response_type=string"{ "code": "string", "message": "string", "details": {}}{ "code": "string", "message": "string", "details": {}}