- This API is the first endpoint which should be invoked in order to proceed with flows like implicit, hybrid, authorization code and authorization code with PKCE.
- This request authenticates the user and returns tokens along with an authorization grant to the client application as a part of the callback response.
- Refer below table for several possible response types in request w.r.t flows.
- Refer guide OAuth Flows
- See the OAuth2 spec
|Flow Types||Respone_Type||OAuth App(response)||OIDC App(response)||Remarks(only for OIDC)|
|Authorization code flow||code||code||code|
|Authorization Code with PKCE||code||code||code|
|Implicit flow||id_token||NA||id_token||Scope openid is mandatory|
|Implicit flow||token||access token||NA|
|Implicit flow||token id_token||NA||token id_token||Scope openid is mandatory|
|Hybrid Flow||code id_token token||NA||code id_token token||Scope openid is mandatory|
|Hybrid Flow||code id_token||NA||code id_token||Scope openid is mandatory|
|Hybrid Flow||code token||NA||code token||Scope openid is mandatory|