OAuth Authorization

Start an OAuth authorization code flow by redirecting the user to this endpoint.
Compared to a standard OAuth Authorization endpoint, this endpoint accepts several (optional) query parameters to allow for passwordless login, requesting specific locales and asking the user to patch access rules.
This endpoint is rate limited. The following are allowed:

Redirect URI

After you have called this endpoint, the user will eventually be redirected to a URI that you have specified.
This URI will look as follows:

  • In case of a successful procedure: https://example-app.com/redirect?code=AUTH_CODE_HERE&state=1234zyx
  • In case of an error: https://example-app.com/redirect?error=ERROR_CODE_HERE&error_description=URL_ENCODED_ERROR_DESCRIPTION_HERE
Query Params
string
required

The URL encoded WebID of your application.

string
required

Indicates which OAuth 2.0 flow you want to perform. Use code for the Authorization Code Grant (PKCE) flow.

string

An opaque value you can add to the initial request that we include when redirecting the user back to you. You can use this value to prevent cross-site request forgery (CSRF) attacks.

string
required

The URL encoded URL to which we will redirect the browser after authorization has been granted by the user.

string
required

Method to generate the PKCE code challenge. Only S256 is supported.

string
required

The code challenge that was generated from the code verifier.

string

The base64 encoded brotli encoded string of an access patch request.

string

The URL encoded WebID of the user. If provided, we will send an email to the user to log in. Cannot be used in combination with the email query parameter.

string

The URL encoded email of the user. If provided, we will send an email to the user to log in. Cannot be used in combination with the webid query parameter.

string

The locale in which the message should be sent. Formatted as ISO language code dash (-) ISO country code. If not provided, we will resort to the default locale.

string

Used to determine what type of one-time password will be provided in the email that is sent to the user. Can be either code for a six-digit code that the user has to type or link for a magic link. By default, we will include a magic link.

string

Used to indicate to the app whether the email has been sent again. If set to true and used in combination with webid or email, it means that the email has been sent more than once.
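
A client-side sketch of the flow described above, added here as an example and not taken from the provider's own code: it derives the S256 code challenge from a fresh code verifier, generates the state value, builds the authorization redirect, and validates the redirect that comes back. The endpoint URL is a placeholder, the query parameter names are assumed to be the standard OAuth 2.0 / PKCE (RFC 7636) names, and the function names are hypothetical.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder: the real authorization endpoint URL is not given on this page.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"


def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(client_id, redirect_uri):
    """Return (url, session); keep session tied to the browser starting the flow."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside RFC 7636's 43-128 range
    state = secrets.token_urlsafe(32)     # unguessable, one value per flow
    query = urlencode({                   # urlencode URL-encodes the WebID and URI
        "client_id": client_id,           # assumed standard parameter names
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "code_challenge_method": "S256",
        "code_challenge": s256_challenge(verifier),
        "state": state,
    })
    session = {"state": state, "code_verifier": verifier}
    return f"{AUTHORIZE_ENDPOINT}?{query}", session


def handle_redirect(callback_url, session):
    """Validate the redirect back to the app and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        description = params.get("error_description", [""])[0]
        raise RuntimeError(f"{params['error'][0]}: {description}")
    returned_state = params.get("state", [""])[0]
    # Constant-time compare; a missing or different state means the code is discarded.
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise PermissionError("state mismatch: possible CSRF, discard the code")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

The code verifier never appears in the redirect; it stays in the stored session and is presented only when the code is exchanged for tokens.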

Headers
string

If provided, this string will be set as the value of the X-Request-ID response header.

string

If provided, this string will be set as the value of the X-Correlation-ID response header.

Responses

response_type_missing
response_type_invalid
redirect_uri_missing
redirect_uri_invalid
code_challenge_method_missing
code_challenge_method_not_supported
code_challenge_missing

400

Bad Request
Possible error codes:
client_id_missing
client_id_no_url
client_id_not_found
client_id_does_not_resolve_to_profile document
client_id_doc_redirect_uri_does_not_match

500

Something went wrong on our end

501

This functionality will be implemented in the future
