post https://example.com/OAuth2/Authorize
- This API is the first endpoint which should be invoked in order to proceed with flows like implicit, hybrid, authorization code and authorization code with PKCE.
- This request authenticates the user and returns tokens along with an authorization grant to the client application as a part of the callback response.
- Refer below table for several possible response types in request w.r.t flows.
- Refer guide OAuth Flows
- See the OAuth2 spec
| Flow Types | Respone_Type | OAuth App(response) | OIDC App(response) | Remarks(only for OIDC) |
|---|---|---|---|---|
| Authorization code flow | code | code | code | |
| Authorization Code with PKCE | code | code | code | |
| Implicit flow | id_token | NA | id_token | Scope openid is mandatory |
| Implicit flow | token | access token | NA | |
| Implicit flow | token id_token | NA | token id_token | Scope openid is mandatory |
| Hybrid Flow | code id_token token | NA | code id_token token | Scope openid is mandatory |
| Hybrid Flow | code id_token | NA | code id_token | Scope openid is mandatory |
| Hybrid Flow | code token | NA | code token | Scope openid is mandatory |