Authorization endpoint
GET /realms/:realmId/protocol/openid-connect/auth
The authorization endpoint is used to authenticate a user with the OpenID Connect Authorization Code Flow. The first step in that flow is clicking a link that redirects the browser to the authorization endpoint. The GET request sent by the browser returns an HTML page that contains a login form and a registration link.
Once the user enters the credentials correctly in the form, they are redirected back to the URL specified in the redirect_uri parameter. The redirect URL will contain the code query parameter that can be used in the next step of the flow to receive an access token and id token from the token endpoint.
The request must include the client_id, redirect_uri and response_type=code parameters. A code_challenge can optionally be included to authenticate using the Authorization Code Flow with Proof Key for Code Exchange (PKCE). In that case, the code_challenge_method field must be set as well. The state and nonce parameters as defined in the OpenID specification are optional but recommended.
Request
Path Parameters
realmId: The realm's id
Query Parameters
client_id: The client ID that you received from the Envizage Developer Console.
state: Recommended. Opaque random string value used to maintain state between the request and the callback and mitigate CSRF attack risk.
nonce: Recommended. String value used to associate a client session with an ID token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID token. Sufficient entropy must be present in the nonce values used to prevent attackers from guessing values.
code_challenge: A cryptographically random string using the characters A-Z, a-z, 0-9 and the punctuation characters -._~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long. The plain string can be used or (recommended) a Base64-URL-encoded string of the SHA256 hash of it.
code_challenge_method: Either plain or S256, depending on whether the code challenge is the plain verifier string or the SHA256 hash of the string.
response_type: Possible values: [code]. Indicates that the client expects to receive an authorization code. The value for the Authorization Code Flow is code.
redirect_uri: Indicates the URL to return the user to after the authorization is complete.
scope: Possible values: [openid]. An OpenID Connect request must contain the openid scope value according to the specification. Other optional scope values are not included when authenticating with Envizage.
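The request described above, built with PKCE (S256), state and nonce, plus the state check on the callback. This is an added example, not Envizage's own code; the host name, realm id, client id, redirect URI and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholder values (not from the page): replace with your own.
BASE_URL = "https://auth.example.com"
REALM_ID = "example-realm"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://app.example.com/callback"

def s256_challenge(verifier: str) -> str:
    """Base64-URL-encode (without padding) the SHA256 hash of the verifier."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_auth_request():
    """Return (url, session); session holds the values to keep server-side."""
    session = {
        "state": secrets.token_urlsafe(32),
        "nonce": secrets.token_urlsafe(32),  # compare later with the ID token's nonce
        # 48 random bytes -> 64 characters from A-Z a-z 0-9 - _ (within 43..128)
        "code_verifier": secrets.token_urlsafe(48),
    }
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    })
    url = f"{BASE_URL}/realms/{REALM_ID}/protocol/openid-connect/auth?{query}"
    return url, session

def code_from_callback(callback_url: str, session: dict) -> str:
    """Return the authorization code only if state matches the stored value."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("callback carries no code parameter")
    return params["code"][0]
```

The code_verifier never appears in the authorization request; only its hash does, and the verifier itself is sent later to the token endpoint.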
Responses
- 200: OK (text/html; schema: string)
- 400: Bad request