Authorization Code Flow Request
GET/api/id/v1/auth/authorize
This API endpoint initiates the OAuth 2.0 Authorization Code Flow and is specifically designed to be accessed via a browser-based redirect. To initiate the flow, the client application must redirect the user's browser to this endpoint with the required query parameters, including client_id, redirect_uri, and response_type.
Upon accessing this endpoint, the user will interact with the authorization server’s user interface to authenticate and authorize the client application. After a successful authorization, the user's browser will be redirected to the specified redirect_uri, with the authorization code included as a query parameter.
This flow ensures secure and user-mediated interactions, as required by the OAuth 2.0 specification. Direct programmatic calls to this endpoint are not supported, as it relies on browser-based user interaction.
Request
Query Parameters
The URI to which the authorization code will be sent. This must match the redirect URI registered with the OAuth server.
Possible values: [code]
Must be code to indicate the authorization code flow.
The client ID issued to the application making the request.
The requested permissions (scopes), space-separated.
An opaque value used to maintain state between the request and callback. It is also used to prevent CSRF attacks.
The code challenge generated by the client for PKCE (Proof Key for Code Exchange). This is required for public clients.
The method used to generate the code challenge. This must be S256 for SHA-256 hashing.
Header Parameters
The Cookie header should be included the session cookie for the user. This is used authenticate the user and authorize the client application.
Responses
- 302
Redirects to redirect_uri provided.
Response Headers
Location
string
The
Locationheader contains the redirection URI.