Authenticate a user

GET {{baseUrl}}/authorize?client_id=<get>&response_type=<get>&scope=<get>&redirect_uri=<get>&state=<>&response_mode=<get>&nonce=<get>&display=<>&prompt=<>&max_age=<>&ui_locales=<>

Start a session with Authentiq Connect and authenticate a user.

Example:

GET https://connect.authentiq.io/authorize?client_id=<your-client-id>&response_type=code+id_token&scope=openid+email&redirect_uri=<your-redirect-uri>&state=0123456789

This endpoint is compatible with OpenID Connect and also supports the POST method, in which case the parameters are passed as a form post.

See also: - OAuth 2.0 Authorization Endpoint - [OIDC Au

Request Params

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| client_id | string | | A client ID obtained from the Dashboard. |
| response_type | string | | The OIDC response type to use for this authentication flow. Valid choices are code, id_token, token, token id_token, code id_token, code token and code token id_token, but a client can be configured with a more restricted set. |
| scope | string | | The space-separated identity claims to request from the end-user. Always include openid as a scope for compatibility with OIDC. |
| redirect_uri | string | | The location to redirect to after (un)successful authentication. See OIDC for the parameters passed in the query string (response_mode=query) or as fragments (response_mode=fragment). Unless the client is in test-mode, this must be one of the registered redirect URLs. |
| state | string | | An opaque string that will be passed back to the redirect URL and can therefore be used to communicate client-side state and prevent CSRF attacks. |
| response_mode | string | | Whether to append parameters to the redirect URL in the query string (query) or as fragments (fragment). This option usually has a sensible default for each of the response types. |
| nonce | string | | A nonce provided by the client (and opaque to Authentiq Connect) that will be included in any ID Token generated for this session. Clients should use the nonce to mitigate replay attacks. |
| display | string | | The authentication display mode, which can be one of page, popup or modal. Defaults to page. |
| prompt | string | | Space-delimited, case-sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The supported values are: none, login, consent. If consent, the end-user is asked to (re)confirm what claims they share. Use none to check for an active session. |
| max_age | string | | Specifies the allowable elapsed time in seconds since the last time the end-user was actively authenticated. |
| ui_locales | string | | Specifies the preferred language to use on the authorization page, as a space-separated list of BCP47 language tags. Ignored at the moment. |
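
The state and nonce parameters only help if the client generates them per request and checks them on return. The sketch below is an added example, not code from Authentiq: the function names, the dict-like `session` and the session keys are assumptions, and `id_token_claims` is assumed to come from an ID Token whose signature, issuer and audience were already validated.

```python
import hmac
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://connect.authentiq.io/authorize"


def start_login(session, client_id, redirect_uri):
    """Create a fresh state and nonce, bind them to the user's session
    (hypothetical dict-like store) and return the authorization URL."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "code id_token",
        "scope": "openid email",
        "redirect_uri": redirect_uri,  # must be a registered redirect URL
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def _same(expected, received):
    # Constant-time comparison; a missing or non-string value never matches.
    return hmac.compare_digest(expected.encode(), str(received or "").encode())


def check_callback(session, returned_state, id_token_claims):
    """Validate the redirect back from /authorize. Returns (ok, reason).
    id_token_claims: claims of an already validated ID Token (assumption)."""
    # pop() makes both values single-use, so a replayed callback is rejected.
    expected_state = session.pop("oidc_state", None)
    expected_nonce = session.pop("oidc_nonce", None)
    if not expected_state or not expected_nonce:
        return False, "no login in progress"
    if not _same(expected_state, returned_state):
        return False, "state mismatch"  # response not tied to this browser session
    if not _same(expected_nonce, id_token_claims.get("nonce")):
        return False, "nonce mismatch"  # ID Token was issued for another request
    return True, "ok"
```

Reject the login on any failed check and start a new request; never fall back to accepting a response without state or nonce.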