Get Authorization URL
GET {{base_url}}/sso/authorize?response_type=code&client_id={{client_id}}&redirect_uri=<string>&organization=<string>
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
response_type | string | The only valid option for the response type parameter is code. |
The code parameter value initiates an Authorization Code Grant Type. This grant type allows a Developer to exchange an authorization code for an access token during the redirect that takes place after a user has authenticated with an Identity Provider. |
| client_id | string | | This value can be obtained from the SSO Configuration page in the WorkOS dashboard. |
| redirect_uri | string | | A Redirect URI to return an authorized user to. |
| organization | string | | The organization connection selector is used to initiate SSO for an Organization.
The value of this parameter should be a WorkOS Organization ID.
For example, the Developer can persist the WorkOS Organization ID with application User or Team identifiers. WorkOS will use the organization connection selector to determine the appropriate Connection and IdP to direct the user to for authentication. |
| connection | string | | The connection connection selector is used to initiate SSO for a Connection.
The value of this parameter should be a WorkOS Connection ID.
For example, the Developer can persist the WorkOS Connection ID with application User or Team identifiers. WorkOS will use the Connection indicated by the connection parameter to direct the user to the corresponding IdP for authentication. |
| provider | string | | The provider connection selector is used to initiate SSO using an OAuth provider.
Currently, the only supported values for provider are GoogleOAuth and MicrosoftOAuth. Provide the provider parameter when authenticating Google OAuth users, because Google OAuth does not take a user’s domain into account when logging in with a “Sign in with Google” button. |
| state | string | | An optional parameter that can be used to encode arbitrary information to help restore application state between redirects. If included, the redirect URI received from WorkOS will contain the exact state that was passed. |
| login_hint | string | | Can be used to pre-fill the username/email address field of the IdP sign-in page for the user, if you know their username ahead of time.
Currently, this parameter is only supported for OAuth, and OpenID Connect connection types. |
| domain_hint | string | | Can be used to pre-fill the domain field when initiating authentication with Microsoft OAuth. |