POST https://example.com/OAuth2/Authorize
- This API is the first endpoint which should be invoked in order to proceed with flows like implicit, hybrid, authorization code and authorization code with PKCE.
- This request authenticates the user and returns tokens along with an authorization grant to the client application as a part of the callback response.
- Refer to the table below for the possible response types in the request for each flow.
- Refer to the guide OAuth Flows
- See the OAuth2 spec
Flow Types | Response_Type | OAuth App (response) | OIDC App (response) | Remarks (only for OIDC) |
---|---|---|---|---|
Authorization code flow | code | code | code | |
Authorization Code with PKCE | code | code | code | |
Implicit flow | id_token | NA | id_token | Scope openid is mandatory |
Implicit flow | token | access token | NA | |
Implicit flow | token id_token | NA | token id_token | Scope openid is mandatory |
Hybrid Flow | code id_token token | NA | code id_token token | Scope openid is mandatory |
Hybrid Flow | code id_token | NA | code id_token | Scope openid is mandatory |
Hybrid Flow | code token | NA | code token | Scope openid is mandatory |
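
The table above can be enforced before a request is sent, and the callback can then be checked against what was requested. The following is an added example, not code from this API or its vendor: the function names, the `oauth`/`oidc` app-type labels and the sample callback URL are assumptions, and the callback parameters are read from both the query string and the fragment because this page does not state which one the endpoint uses.

```python
# Added example; names are hypothetical and not part of the documented API.
from urllib.parse import parse_qs, urlsplit

# response_type values -> (flow, app types the table allows, scope openid mandatory)
TABLE = {
    frozenset({"code"}): ("Authorization code (with or without PKCE)", {"oauth", "oidc"}, False),
    frozenset({"id_token"}): ("Implicit", {"oidc"}, True),
    frozenset({"token"}): ("Implicit", {"oauth"}, False),
    frozenset({"token", "id_token"}): ("Implicit", {"oidc"}, True),
    frozenset({"code", "id_token", "token"}): ("Hybrid", {"oidc"}, True),
    frozenset({"code", "id_token"}): ("Hybrid", {"oidc"}, True),
    frozenset({"code", "token"}): ("Hybrid", {"oidc"}, True),
}
# Callback parameter that carries each response_type value (standard OAuth2/OIDC names).
ARTIFACT = {"code": "code", "token": "access_token", "id_token": "id_token"}


def check_request(app_type, response_type, scope=""):
    """Return the flow name, or raise ValueError if the table does not allow the request."""
    values = response_type.split()
    key = frozenset(values)  # order of the values does not matter (RFC 6749, 3.1.1)
    if len(values) != len(key) or key not in TABLE:
        raise ValueError(f"unsupported response_type: {response_type!r}")
    flow, apps, needs_openid = TABLE[key]
    if app_type not in apps:
        raise ValueError(f"{response_type!r} is NA for {app_type} apps")
    if needs_openid and "openid" not in scope.split():
        raise ValueError(f"{response_type!r} requires scope openid")
    return flow


def check_callback(response_type, callback_url):
    """Compare returned artifacts with a response_type already accepted by check_request."""
    parts = urlsplit(callback_url)
    got = set(parse_qs(parts.query)) | set(parse_qs(parts.fragment))
    want = {ARTIFACT[v] for v in response_type.split()}
    known = set(ARTIFACT.values())
    return {"missing": sorted(want - got), "unexpected": sorted((got & known) - want)}


if __name__ == "__main__":
    # Constructed sample callback; the token values are placeholders.
    url = "https://client.example/cb#access_token=SAMPLE&id_token=SAMPLE"
    print(check_request("oidc", "id_token token", "openid profile"))
    print(check_callback("id_token token", url))
```

A client should treat a non-empty `missing` or `unexpected` list as a failed authorization rather than using whatever artifacts did arrive.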