Authorize (hybrid POST)
POST {{authPath}}/{{envID}}/as/authorizeThe authorization endpoint can be used to initiate a hybrid flow authorization request, in which an authorization code is returned from the authorization endpoint, some tokens are returned from the authorization endpoint, and others are returned from the token endpoint. In a hybrid flow, the authorization endpoint’s response_type property specifies the code type and it also specifies id_token, or token, or both. An authorization code (specified by the code response type) is always returned in a hybrid flow. An ID token is returned when the response_type property is code id_token or code id_token token. An access token is returned when the response_type property is code token or code id_token token.
Note that for the POST request, parameters and their values are Form Serialized by adding the parameter names and values to the entity body of the HTTP request and specifying the Content-Type: application/x-www-form-urlencoded request header.
For a Proof Key for Code Exchange (PKCE) authorization request, the /{{envID}}/as/authorize request must include the code_challenge parameter. The code_challenge_method parameter is required if the application’s pkceEnforcement property is set to S256_REQUIRED. Otherwise, it is optional.
|
The optional |
The sample shows the POST /{{envID}}/as/authorize operation for a hybrid flow. For more information about hybrid flows, refer to Authentication using the Hybrid Flow.
Prerequisites
-
Refer to OpenID Connect/OAuth 2 for important overview information.
-
Create an application to get an
appID. Refer to Application Operations. Run Read All Applications to find an existing application. -
Run Read All Templates to find a
templateName. -
Run Read All Contents to find a
variantName.
Request Model
| Property | Type | Required? |
|---|---|---|
|
String |
Optional |
|
String |
Required |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Required |
|
String |
Optional |
|
String |
Optional |
|
String |
Required |
|
String |
Optional |
|
String |
Optional |
Refer to the OpenID Connect/OAuth2 data model for full property descriptions.
Related topics
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{authPath}}/{{envID}}/as/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'response_type=code id_token' \
--data-urlencode 'client_id={{appID}}' \
--data-urlencode 'redirect_uri={{redirect_uri}}' \
--data-urlencode 'scope=openid profile email' \
--data-urlencode 'state={{state}}'var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("response_type", "code id_token");
request.AddParameter("client_id", "{{appID}}");
request.AddParameter("redirect_uri", "{{redirect_uri}}");
request.AddParameter("scope", "openid profile email");
request.AddParameter("state", "{{state}}");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{authPath}}/{{envID}}/as/authorize"
method := "POST"
payload := strings.NewReader("response_type=code%20id_token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20email&state=%7B%7Bstate%7D%7D")
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /{{envID}}/as/authorize HTTP/1.1
Host: {{authPath}}
Content-Type: application/x-www-form-urlencoded
response_type=code%20id_token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20email&state=%7B%7Bstate%7D%7DOkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "response_type=code id_token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid profile email&state={{state}}");
Request request = new Request.Builder()
.url("{{authPath}}/{{envID}}/as/authorize")
.method("POST", body)
.addHeader("Content-Type", "application/x-www-form-urlencoded")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{authPath}}/{{envID}}/as/authorize",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data": {
"response_type": "code id_token",
"client_id": "{{appID}}",
"redirect_uri": "{{redirect_uri}}",
"scope": "openid profile email",
"state": "{{state}}"
}
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{authPath}}/{{envID}}/as/authorize',
'headers': {
'Content-Type': 'application/x-www-form-urlencoded'
},
form: {
'response_type': 'code id_token',
'client_id': '{{appID}}',
'redirect_uri': '{{redirect_uri}}',
'scope': 'openid profile email',
'state': '{{state}}'
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
url = "{{authPath}}/{{envID}}/as/authorize"
payload = 'response_type=code%20id_token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20email&state=%7B%7Bstate%7D%7D'
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/x-www-form-urlencoded'
));
$request->addPostParameter(array(
'response_type' => 'code id_token',
'client_id' => '{{appID}}',
'redirect_uri' => '{{redirect_uri}}',
'scope' => 'openid profile email',
'state' => '{{state}}'
));
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "net/http"
url = URI("{{authPath}}/{{envID}}/as/authorize")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "response_type=code%20id_token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20email&state=%7B%7Bstate%7D%7D"
response = http.request(request)
puts response.read_bodylet parameters = "response_type=code%20id_token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20email&state=%7B%7Bstate%7D%7D"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize")!,timeoutInterval: Double.infinity)
request.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()