Jump to

• Request
• Response
• Examples

Generate Authorization Code and Identity Token (3-legged OAuth Flow)

get

/oauth2/v1/authorize

Request

Query Parameters

• client_id: string
  Unique ID of the client
• nonce(optional): string
  Value that associates the client session with the ID Token and is used to mitigate replay attacks
• redirect_uri: string
  Redirection URI where the response is sent
• response_type: string
  Type of response from the server (code/token/id_token)
• scope: string
  Scope for which the Access Token is requested
• state(optional): string
  Opaque value used to maintain the state between the request and the callback

Back to Top

Response

Supported Media Types

• application/json

200 Response

Authorization Code generated

400 Response

Invalid request

Body ()

Root Schema : error

Type: object

Error message that appears during Revoke Refresh Token

Show Source

• error: string
  Error values based on the OAuth specification
• error_description: string
  Detailed error messages

{
    "description":"Error message that appears during Revoke Refresh Token",
    "type":"object",
    "properties":{
        "error":{
            "type":"string",
            "description":"Error values based on the OAuth specification"
        },
        "error_description":{
            "type":"string",
            "description":"Detailed error messages"
        }
    },
    "required":[
        "error",
        "error_description"
    ]
}

401 Response

Unauthorized client

Body ()

Root Schema : error

Type: object

Error message that appears during Revoke Refresh Token

Show Source

• error: string
  Error values based on the OAuth specification
• error_description: string
  Detailed error messages

{
    "description":"Error message that appears during Revoke Refresh Token",
    "type":"object",
    "properties":{
        "error":{
            "type":"string",
            "description":"Error values based on the OAuth specification"
        },
        "error_description":{
            "type":"string",
            "description":"Detailed error messages"
        }
    },
    "required":[
        "error",
        "error_description"
    ]
}

500 Response

Internal Server Error

Body ()

Root Schema : error

Type: object

Error message that appears during Revoke Refresh Token

Show Source

• error: string
  Error values based on the OAuth specification
• error_description: string
  Detailed error messages

{
    "description":"Error message that appears during Revoke Refresh Token",
    "type":"object",
    "properties":{
        "error":{
            "type":"string",
            "description":"Error values based on the OAuth specification"
        },
        "error_description":{
            "type":"string",
            "description":"Detailed error messages"
        }
    },
    "required":[
        "error",
        "error_description"
    ]
}

Back to Top

Examples

The following example shows how to generate an authorization code and an identity token (3-legged OAuth flow) by submitting a GET request on the REST resource using the browser.

Example requests and responses for the next step in this 3-legged OAuth flow (obtaining the access token) can be found on the Examples tab for the oauth2/v1/token endpoint.

See the Authorization section for more information on grant types.

Authorization Code Request and Response Examples

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.

Request Example: Confidential/Trusted Client

The following shows an example request when a confidential/trusted client requests an Authorization Code.

GET https://tenant-base-url/oauth2/v1/authorize?client_id=<client-id>&response_type=code&redirect_uri=<client-redirect-uri>&scope=openid&nonce=<nonce-value>&state=1234 

Request Example: Public Client

The following shows an example request when a public client requests an Authorization Code.

GET https://tenant-base-url/oauth2/v1/authorize?client_id=<client-id>&response_type=id_token&redirect_uri=<client-redirect-uri>&scope=openid&nonce=<nonce-value>&state=1234

Response Example

The following example shows the contents of the response body in JSON format:

{
    "value": "http://tenant-base-url/IDCSPlayground/#code=AQIDBAWQKKqQbTCuMCFRVvAU_DUXq32f2Yvcp_0YIxm9u1JoHbzVDZf90TduCFhLGin0z5vv0IXdoVqsCMqKv4IravM8MTEgRU5DUllQVElPTl9LRVkxNCB7djF9NCA=&id_token=eyJ4NXQjUzI1NiI6Ijg1a3E1MFVBVmNSRDJOUTR6WVZMVDZXbndUZmVidjBhNGV2YUJGMjFqbU0iLCJ4NXQiOiJNMm1hRm0zVllsTUJPbjNHZXRWV0dYa3JLcmsiLCJraWQiOiJTSUdOSU5HX0tFWSIsImFsZyI6IlJTMjU2In0.eyJ1c2VyX3R6IjoiQW1lcmljYVwvQ2hpY2FnbyIsInN1YiI6ImFkbWluQG9yYWNsZS5jb20iLCJ1c2VyX2xvY2FsZSI6ImVuIiwidXNlcl9kaXNwbGF5bmFtZSI6ImFkbWluIG9wYyIsImNzciI6ImZhbHNlIiwic3ViX21hcHBpbmdhdHRyIjoidXNlck5hbWUiLCJpc3MiOiJodHRwczpcL1wvaWRlbnRpdHkub3JhY2xlY2xvdWQuY29tXC8iLCJ0b2tfdHlwZSI6IklUIiwidXNlcl90ZW5hbnRuYW1lIjoidGVuYW50MSIsImNsaWVudF9pZCI6IjFlMzQ5MDlkMjQ4OTQ1Y2U5NmZlMzgzY2Y3MDE2ZTc0Iiwic2lkIjoiM2UxNThkODQtMDM2Yi00YzIzLWExMDItZTk3YWYxOTMwOWEzIiwiYXVkIjpbImh0dHBzOlwvXC9pZGVudGl0eS5vcmFjbGVjbG91ZC5jb21cLyIsIjFlMzQ5MDlkMjQ4OTQ1Y2U5NmZlMzgzY2Y3MDE2ZTc0Il0sInVzZXJfaWQiOiIzZTFjY2Q3NTc2YWQ0MjlkYjBmMTEwZjVjOTVlMjBhNiIsImF1dGhuX3N0cmVuZ3RoIjoyLCJhdXRoX3RpbWUiOjE0NjQ4MjgxNzYsInNlc3Npb25fZXhwIjoxNDY0ODU2OTc2LCJ1c2VyX2xhbmciOiJlbiIsImV4cCI6MTQ2NDg1Njk3NiwiaWF0IjoxNDY0ODMxNTAxLCJqdGkiOiI4NGYxNjUwNi0zZGNiLTQ1NTItODk4OC03NWNlYzcxMzA3NzEifQ.O-nkZ0D_EXlvlJKBOMaSL42Xr7uufi5jSIMcvQ95fm9LZ9cRcToxkzpb8fyh4GKwWgCTfbwQPbf36lIz3zZqPUCb6irzLi9KxAFWs0eXtqOOZhR7QTV3S5Hm6d9IApyA5S_zf3hNLM64-b8DhOLAcaI1-_pFfe_wvDRzvi0Mo3c"
  }

Back to Top