Passwordless Login - Authorize
POST {{url}}{{site}}/services/oauth2/authorize
After you send your passwordless login data to initialize, this request allows you to process that login data, and as a part of this request you also verify the users email or sms number. The request itself is a authorization call for the Code and Credential flow. It includes 3 specific headers: Auth-Request-Type which is set to passwordless-login, Auth-Verification-Type which is set to email or sms, and an Authorization Basic header, which is the base64 encoded result of identifier:otp where identifier is the value returned in your initialize call, and otp is the value sent to the end user via email or sms.
The response from this API is the Auth Code, which is then exchanged for the Access Token.
Request Body
[{"name"=>"response_type", "value"=>"code_credentials", "datatype"=>"string"}, {"name"=>"client_id", "value"=>"{{clientId}}", "datatype"=>"string"}, {"name"=>"redirect_uri", "value"=>"{{redirectUrl}}", "datatype"=>"string"}, {"name"=>"scope", "value"=>"", "datatype"=>"null"}]
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Auth-Request-Type | string | Required for passwordless login | |
Auth-Verification-Type | string | Must match init verification method, email or sms | |
Authorization | string | Base 64 encoded <Identifier:OTP> |