
Authorization endpoint

GET /realms/:realmId/protocol/openid-connect/auth

The authorization endpoint is used to authenticate a user with the OpenID Connect Authorization Code Flow. The first step in that flow is clicking a link that redirects the browser to the authorization endpoint. The GET request sent by the browser returns an HTML page that contains a login form and a registration link.

Once the user enters the credentials correctly in the form, they are redirected back to the URL specified in the redirect_uri parameter. The redirect URL will contain the code query parameter that can be used in the next step of the flow to receive an access token and id token from the token endpoint.

The request must include the client_id, redirect_uri and response_type=code parameters. A code_challenge can optionally be included to authenticate using the Authorization Code Flow with Proof Key for Code Exchange (PKCE). In that case, the code_challenge_method field must be set as well. The state and nonce parameters as defined in the OpenID specification are optional but recommended.
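The request described above, built with PKCE (S256), state and nonce, followed by the state check on the callback. This is an added example, not Envizage code: the helper names are hypothetical, and the base URL, realm and client ID are placeholders supplied by the caller.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

def s256_challenge(verifier):
    """Base64-URL-encoded SHA256 hash of the code verifier, without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorization_request(base_url, realm_id, client_id, redirect_uri):
    """Return (url, session); keep session server-side, bound to the browser session."""
    session = {
        # token_urlsafe(64) gives 86 characters from A-Z a-z 0-9 - _ (limit: 43-128)
        "code_verifier": secrets.token_urlsafe(64),
        "state": secrets.token_urlsafe(32),   # compared on the callback
        "nonce": secrets.token_urlsafe(32),   # compared with the ID token's nonce
    }
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    })
    path = f"/realms/{quote(realm_id, safe='')}/protocol/openid-connect/auth"
    return f"{base_url}{path}?{query}", session

def code_from_callback(callback_url, expected_state):
    """Return the authorization code, or raise if state is missing or wrong."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code parameter")
    return codes[0]
```

The stored `code_verifier` is what PKCE later presents alongside the code, so it must never appear in the authorization URL itself.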

Request

Path Parameters

    realmId string required

    The realm's id

Query Parameters

    client_id string required

    The client ID that you received from the Envizage Developer Console

    state string

    Recommended. Opaque random string value used to maintain state between the request and the callback and mitigate CSRF attack risk.

    nonce string

    Recommended. String value used to associate a client session with an ID token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID token. Sufficient entropy must be present in the nonce values used to prevent attackers from guessing values.

    code_challenge string

    The PKCE code challenge, derived from a code verifier: a cryptographically random string using the characters A-Z, a-z, 0-9 and the punctuation characters -._~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long. The challenge is either the plain verifier string or (recommended) the Base64-URL-encoded SHA256 hash of it.

    code_challenge_method string

    Either plain or S256, depending on whether the code challenge is the plain verifier string or the SHA256 hash of the string.

    response_type string required

    Possible values: [code]

    Indicates that the client expects to receive an authorization code. The value for the Authorization Code Flow is code.

    redirect_uri string required

    Indicates the URL to return the user to after the authorization is complete.

    scope string required

    Possible values: [openid]

    An OpenID Connect request must contain the openid scope value according to the specification. Other optional scope values are not included when authenticating with Envizage.

Responses

OK

Schema
  • string