Accept OAuth 2.0 Consent Request
PUT {{baseUrl}}/admin/oauth2/auth/requests/consent/accept?consent_challenge=<string>
When an authorization code, hybrid, or implicit OAuth 2.0 flow is initiated, Ory asks the login provider to authenticate the subject and then tell Ory about it. If the subject authenticated, he/she must now be asked whether the OAuth 2.0 client which initiated the flow should be allowed to access the resources on the subject's behalf.
The consent challenge is appended to the consent provider's URL, to which the subject's user-agent (browser) is redirected. The consent provider uses that challenge to fetch information on the OAuth 2.0 request and then tells Ory whether the subject accepted or rejected the request.
This endpoint tells Ory that the subject has authorized the OAuth 2.0 client to access resources on his/her behalf. The consent provider includes additional information, such as session data for access and ID tokens, and whether the consent request should be used as the basis for future requests.
The response contains a redirect URL which the consent provider should redirect the user-agent to.
The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please head over to the OAuth 2.0 documentation.
Request Params
Key | Datatype | Required | Description |
---|---|---|---|
consent_challenge | string | Required | OAuth 2.0 Consent Request Challenge |
Request Body
{
  "grant_access_token_audience": ["<string>", "<string>"],
  "grant_scope": ["<string>", "<string>"],
  "handled_at": "<dateTime>",
  "remember": "<boolean>",
  "remember_for": "<long>",
  "session": {
    "access_token": {
      "description": "AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the\nrefresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.\nIf only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties\ncan access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!"
    },
    "id_token": {
      "description": "IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable\nby anyone that has access to the ID Challenge. Use with care!"
    }
  }
}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | | |
Accept | string | | |
RESPONSES
status: OK
{"redirect_to": "<string>"}
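
As an added example (not Ory's own code), here is a consent provider's accept step in Python: it grants only scopes that were both requested and approved, keeps a hypothetical deny-list of claims out of `session.access_token` (which introspection exposes), and prepares the PUT request without sending it. The `requested_scope` and `requested_access_token_audience` fields are those of the fetched consent request; the host names, deny-list and sample values are constructed.

```python
import json
import urllib.parse
import urllib.request

# Hypothetical deny-list: claims this provider never puts into
# session.access_token, because introspection returns that data.
SENSITIVE_KEYS = {"email", "phone_number", "address", "birthdate"}

def build_accept_body(consent_request, approved_scopes, access_claims=None,
                      id_claims=None, remember=False, remember_for=0):
    """Build the accept payload, granting only what was requested AND approved."""
    requested = consent_request.get("requested_scope", [])
    unknown = set(approved_scopes) - set(requested)
    if unknown:
        # A scope the client never asked for must not be granted.
        raise ValueError(f"scopes not requested: {sorted(unknown)}")
    access_claims = access_claims or {}
    leaked = SENSITIVE_KEYS & set(access_claims)
    if leaked:
        raise ValueError(f"sensitive keys in access_token session: {sorted(leaked)}")
    return {
        "grant_scope": [s for s in requested if s in approved_scopes],
        # Assumption: this provider grants every requested audience.
        "grant_access_token_audience":
            list(consent_request.get("requested_access_token_audience", [])),
        "remember": remember,
        "remember_for": remember_for,
        "session": {"access_token": access_claims, "id_token": id_claims or {}},
    }

def build_accept_request(base_url, consent_challenge, body):
    """Prepare (but do not send) the PUT request to the admin endpoint."""
    query = urllib.parse.urlencode({"consent_challenge": consent_challenge})
    url = f"{base_url}/admin/oauth2/auth/requests/consent/accept?{query}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json", "Accept": "application/json"})

# Constructed sample of a fetched consent request (not real data).
SAMPLE = {"requested_scope": ["openid", "offline", "photos.read"],
          "requested_access_token_audience": ["https://api.example.test"]}

if __name__ == "__main__":
    body = build_accept_body(SAMPLE, {"openid", "photos.read"},
                             access_claims={"tenant": "t1"}, remember=True,
                             remember_for=3600)
    req = build_accept_request("https://hydra.example.test", "abc/123", body)
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
```

The admin endpoint's response carries `redirect_to`; the provider redirects the user-agent there after a successful call.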