Step 2: Submit the authorize request
GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{PKCEAppID}}&redirect_uri=https://www.example.com&scope=openid&code_challenge={{codeChallenge}}&code_challenge_method=S256
You can use the /{{envID}}/as/authorize endpoint to initiate authorization. This request must include the code_challenge and code_challenge_method parameters.
In the request, the response_type property specifies that the request returns an authorization code that can be exchanged for a token. The client_id property identifies the application ID for the application you created in Step 1. The code_challenge value is computed using the code_verifier prior to submitting the authorize request. The code_challenge_method value specifies the S256 method.
The request returns a Location HTTP header that specifies the URL for the sign-on screen and the flow ID for this specific authentication workflow. The user's browser is redirected to the sign-on screen to enter account credentials, usually a username and password. For more information about sign-on flows, see Authentication workflow walkthrough.
Note: If this call fails to return a 302 HTTP Status, for a possible solution see Configuring and managing Qodex.
Request Params
Key | Datatype | Required | Description |
---|---|---|---|
response_type | string | Required | |
client_id | string | Required | |
redirect_uri | string | Required | |
scope | string | Optional - if empty, uses all granted scopes | |
code_challenge | string | (S256) Required/Optional depending on App config - {{codeChallenge}} is automatically set to the S256 hashed value of {{codeVerifier}} | |
code_challenge_method | string | Required/Optional depending on App config - Defaults to plain | |
response_mode | string | Optional ( query |
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Cookie | string | | |
Cookie | string | Used for browsers that improperly handle SameSite=None | |