Generate Authorization Code and Identity Token (3-legged OAuth Flow)
/oauth2/v1/authorize
Request
- client_id: string
  Unique ID of the client
- nonce (optional): string
  Value that associates the client session with the ID Token and is used to mitigate replay attacks
- redirect_uri: string
  Redirection URI where the response is sent
- response_type: string
  Type of response from the server (code/token/id_token)
- scope: string
  Scope for which the Access Token is requested
- state (optional): string
  Opaque value used to maintain the state between the request and the callback
Response
- application/json
200 Response
400 Response
object
- error: string
  Error values based on the OAuth specification
- error_description: string
  Detailed error messages
401 Response
object
- error: string
  Error values based on the OAuth specification
- error_description: string
  Detailed error messages
500 Response
object
- error: string
  Error values based on the OAuth specification
- error_description: string
  Detailed error messages
Examples
The following example shows how to generate an authorization code and an identity token (3-legged OAuth flow) by submitting a GET request on the REST resource using the browser.
Example requests and responses for the next step in this 3-legged OAuth flow (obtaining the access token) can be found on the Examples tab for the oauth2/v1/token endpoint.
See the Authorization section for more information on grant types.
Authorization Code Request and Response Examples
Note: The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
Request Example: Confidential/Trusted Client
The following shows an example request when a confidential/trusted client requests an Authorization Code.
GET https://tenant-base-url/oauth2/v1/authorize?client_id=<client-id>&response_type=code&redirect_uri=<client-redirect-uri>&scope=openid&nonce=<nonce-value>&state=1234
Request Example: Public Client
The following shows an example request when a public client requests an Authorization Code.
GET https://tenant-base-url/oauth2/v1/authorize?client_id=<client-id>&response_type=id_token&redirect_uri=<client-redirect-uri>&scope=openid&nonce=<nonce-value>&state=1234
Response Example
The following example shows the contents of the response body in JSON format:
{
"value": "http://tenant-base-url/IDCSPlayground/#code=AQIDBAWQKKqQbTCuMCFRVvAU_DUXq32f2Yvcp_0YIxm9u1JoHbzVDZf90TduCFhLGin0z5vv0IXdoVqsCMqKv4IravM8MTEgRU5DUllQVElPTl9LRVkxNCB7djF9NCA=&id_token=eyJ4NXQjUzI1NiI6Ijg1a3E1MFVBVmNSRDJOUTR6WVZMVDZXbndUZmVidjBhNGV2YUJGMjFqbU0iLCJ4NXQiOiJNMm1hRm0zVllsTUJPbjNHZXRWV0dYa3JLcmsiLCJraWQiOiJTSUdOSU5HX0tFWSIsImFsZyI6IlJTMjU2In0.eyJ1c2VyX3R6IjoiQW1lcmljYVwvQ2hpY2FnbyIsInN1YiI6ImFkbWluQG9yYWNsZS5jb20iLCJ1c2VyX2xvY2FsZSI6ImVuIiwidXNlcl9kaXNwbGF5bmFtZSI6ImFkbWluIG9wYyIsImNzciI6ImZhbHNlIiwic3ViX21hcHBpbmdhdHRyIjoidXNlck5hbWUiLCJpc3MiOiJodHRwczpcL1wvaWRlbnRpdHkub3JhY2xlY2xvdWQuY29tXC8iLCJ0b2tfdHlwZSI6IklUIiwidXNlcl90ZW5hbnRuYW1lIjoidGVuYW50MSIsImNsaWVudF9pZCI6IjFlMzQ5MDlkMjQ4OTQ1Y2U5NmZlMzgzY2Y3MDE2ZTc0Iiwic2lkIjoiM2UxNThkODQtMDM2Yi00YzIzLWExMDItZTk3YWYxOTMwOWEzIiwiYXVkIjpbImh0dHBzOlwvXC9pZGVudGl0eS5vcmFjbGVjbG91ZC5jb21cLyIsIjFlMzQ5MDlkMjQ4OTQ1Y2U5NmZlMzgzY2Y3MDE2ZTc0Il0sInVzZXJfaWQiOiIzZTFjY2Q3NTc2YWQ0MjlkYjBmMTEwZjVjOTVlMjBhNiIsImF1dGhuX3N0cmVuZ3RoIjoyLCJhdXRoX3RpbWUiOjE0NjQ4MjgxNzYsInNlc3Npb25fZXhwIjoxNDY0ODU2OTc2LCJ1c2VyX2xhbmciOiJlbiIsImV4cCI6MTQ2NDg1Njk3NiwiaWF0IjoxNDY0ODMxNTAxLCJqdGkiOiI4NGYxNjUwNi0zZGNiLTQ1NTItODk4OC03NWNlYzcxMzA3NzEifQ.O-nkZ0D_EXlvlJKBOMaSL42Xr7uufi5jSIMcvQ95fm9LZ9cRcToxkzpb8fyh4GKwWgCTfbwQPbf36lIz3zZqPUCb6irzLi9KxAFWs0eXtqOOZhR7QTV3S5Hm6d9IApyA5S_zf3hNLM64-b8DhOLAcaI1-_pFfe_wvDRzvi0Mo3c"
}
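An added example, not part of the original documentation: one way a client can generate the `state` and `nonce` request parameters described above and check them when the redirect comes back. It assumes the server echoes `state` on the redirect and places `nonce` in the ID token as OpenID Connect specifies, and that the ID token signature is verified separately against the tenant's signing key; the function names, `https://app.example/callback` and the sample token are constructed for illustration.

```python
import base64, hmac, json, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE = "https://tenant-base-url/oauth2/v1/authorize"  # placeholder host, as on the page

def build_authorize_request(client_id, redirect_uri, response_type="code"):
    """Return (url, session); session holds the values to store server-side."""
    session = {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32)}
    query = urlencode({"client_id": client_id, "response_type": response_type,
                       "redirect_uri": redirect_uri, "scope": "openid", **session})
    return f"{AUTHORIZE}?{query}", session

def jwt_claims(token):
    """Decode the payload segment only; this does not verify the signature."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def same(a, b):
    """Constant-time comparison of two strings."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def check_callback(callback_url, session):
    """Return callback parameters if state and nonce match the session, else raise."""
    parts = urlsplit(callback_url)
    params = {k: v[0] for k, v in parse_qs(parts.fragment or parts.query).items()}
    if "error" in params:
        raise ValueError(f"{params['error']}: {params.get('error_description', '')}")
    if not same(params.get("state", ""), session["state"]):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "id_token" in params and not same(
            jwt_claims(params["id_token"]).get("nonce", ""), session["nonce"]):
        raise ValueError("nonce mismatch: ID token was not issued for this request")
    return params

def constructed_id_token(nonce):
    """Constructed sample token (placeholder signature) for the demo below."""
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'RS256'})}.{seg({'sub': 'user@example.com', 'nonce': nonce})}.c2ln"

if __name__ == "__main__":
    url, session = build_authorize_request("<client-id>", "https://app.example/callback", "id_token")
    print(url)
    ok = "https://app.example/callback#" + urlencode(
        {"id_token": constructed_id_token(session["nonce"]), "state": session["state"]})
    print(sorted(check_callback(ok, session)))
```

Store `session` server-side, bound to the user's browser session, and discard it after one successful callback so the same `state` and `nonce` cannot be accepted twice.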