/oauth2/authorize
The /oauth2/authorize
endpoint is the OAuth 2.0 authorization endpoint
defined in RFC 6749.
Use this endpoint to gather consent and authorization from the resource owner for the following flows:
-
Authorization code grant (OAuth 2.0 and OIDC)
-
Authorization code grant with PKCE (OAuth 2.0 and OIDC)
-
Authorization code grant with PAR (OAuth 2.0)
-
Implicit grant (OAuth 2.0 and OIDC)
Specify the realm in the request URL; for example:
https://openam.example.com:8443/openam/oauth2/realms/root/realms/alpha/authorize
The authorization endpoint supports the following parameters:
Parameter | Description | Required |
---|---|---|
The OpenID Connect authentication context class reference values. |
||
The user attributes to be returned in the ID token. |
No |
|
Uniquely identifies the application making the request. |
Yes |
|
The code verifier generated for the PKCE flow. |
Yes, for the Authorization code grant with PKCE flow |
|
The method to derive the code challenge. |
Yes, when the |
|
The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks. |
Yes, when gathering consent without a remote consent service |
|
Specifies whether the resource owner consents to the requested access. |
Yes, when gathering consent unless consent is already saved for the scope |
|
Previously issued ID token passed as a hint about the end user’s session with the client. |
No |
|
String value that can be set to the ID the user uses to log in. |
No |
|
String value that associates the client session with the ID token. |
No |
|
Specifies whether to prompt the end user for authentication and consent. |
No |
|
The URI to return the resource owner to after authorization is complete. |
No |
|
Specifies the mechanism for returning response parameters. |
No |
|
The type of response expected from the authorization server. |
Yes |
|
The JWT request object. |
Yes, for JAR request and OIDC flows requiring a request object and providing no |
|
For PAR or OIDC flows, a reference to JWT request object(s). |
Yes, for JAR request and OIDC flows requiring a request object and providing no |
|
Specifies whether to store a resource owner’s consented scopes. |
No |
|
The scopes linked to the permissions requested by the client from the resource owner. |
No |
|
The authentication journey to use when authenticating the resource owner. |
No |
|
The value to maintain state between the request and the callback. |
No, but strongly recommended |
|
The end user’s preferred languages for the user interface. |
No |