Get OAuth 2.0 Consent Request
GET {{baseUrl}}/admin/oauth2/auth/requests/consent?consent_challenge=<string>
When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell Ory now about it. If the subject authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf.
The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells Ory if the subject accepted or rejected the request.
The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please head over to the OAuth 2.0 documentation.
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
consent_challenge | string | (Required) OAuth 2.0 Consent Request Challenge |
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Accept | string |
RESPONSES
status: OK
{"challenge":"\u003cstring\u003e","acr":"\u003cstring\u003e","amr":["\u003cstring\u003e","\u003cstring\u003e"],"client":{"allowed_cors_origins":["\u003cstring\u003e","\u003cstring\u003e"],"audience":["\u003cstring\u003e","\u003cstring\u003e"],"authorization_code_grant_access_token_lifespan":"2490535m351ns365070us92820513h8972ns8497821608s9030892548us13866h6482866684s06438m","authorization_code_grant_id_token_lifespan":"880051h0720ms3448934985ms3759225m7856ns","authorization_code_grant_refresh_token_lifespan":"","backchannel_logout_session_required":"\u003cboolean\u003e","backchannel_logout_uri":"\u003cstring\u003e","client_credentials_grant_access_token_lifespan":"63761m25266137ns551542h07016381m113826h4407919669us75932s50s32326ns","client_id":"\u003cstring\u003e","client_name":"\u003cstring\u003e","client_secret":"\u003cstring\u003e","client_secret_expires_at":"\u003clong\u003e","client_uri":"\u003cstring\u003e","contacts":["\u003cstring\u003e","\u003cstring\u003e"],"created_at":"\u003cdateTime\u003e","frontchannel_logout_session_required":"\u003cboolean\u003e","frontchannel_logout_uri":"\u003cstring\u003e","grant_types":["\u003cstring\u003e","\u003cstring\u003e"],"implicit_grant_access_token_lifespan":"902735408m7132us2640s237025967us","implicit_grant_id_token_lifespan":"06s5644981us3850853h90032403ms02us67484m20299391h5s","jwks":{"description":"OAuth 2.0 Client JSON Web Key Set\n\nClient's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as\nthe jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter\nis intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for\ninstance, by native applications that might not have a location to host the contents of the JWK Set. If a Client\ncan use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation\n(which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks\nparameters MUST NOT be used together."},"jwks_uri":"\u003cstring\u003e","jwt_bearer_grant_access_token_lifespan":"037262064ms","logo_uri":"\u003cstring\u003e","metadata":{"title":"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."},"owner":"\u003cstring\u003e","policy_uri":"\u003cstring\u003e","post_logout_redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"refresh_token_grant_access_token_lifespan":"149365371ns7165038us29813ms55s71350s59933m259660740s32372h","refresh_token_grant_id_token_lifespan":"2927595227us518868827h75ns69771h","refresh_token_grant_refresh_token_lifespan":"8328585ns1504385us","registration_access_token":"\u003cstring\u003e","registration_client_uri":"\u003cstring\u003e","request_object_signing_alg":"\u003cstring\u003e","request_uris":["\u003cstring\u003e","\u003cstring\u003e"],"response_types":["\u003cstring\u003e","\u003cstring\u003e"],"scope":"\u003cstring\u003e","sector_identifier_uri":"\u003cstring\u003e","subject_type":"\u003cstring\u003e","token_endpoint_auth_method":"\u003cstring\u003e","token_endpoint_auth_signing_alg":"\u003cstring\u003e","tos_uri":"\u003cstring\u003e","updated_at":"\u003cdateTime\u003e","userinfo_signed_response_alg":"\u003cstring\u003e"},"context":{"title":"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."},"login_challenge":"\u003cstring\u003e","login_session_id":"\u003cstring\u003e","oidc_context":{"acr_values":["\u003cstring\u003e","\u003cstring\u003e"],"display":"\u003cstring\u003e","id_token_hint_claims":{"labore_496":{},"nostrud8":{}},"login_hint":"\u003cstring\u003e","ui_locales":["\u003cstring\u003e","\u003cstring\u003e"]},"request_url":"\u003cstring\u003e","requested_access_token_audience":["\u003cstring\u003e","\u003cstring\u003e"],"requested_scope":["\u003cstring\u003e","\u003cstring\u003e"],"skip":"\u003cboolean\u003e","subject":"\u003cstring\u003e"}