Authorization

To interact with the resource owner and get the authorization to access the protected resource.

Log in to see full request history
timestatususer agent
Retrieving recent requests…
LoadingLoading…
Query Params
string
required

The client identifier issued to the client during the registration process

string
required

The authorization and token endpoints allow the client to specify the scope of the access request using the "scope" request parameter. In turn, the authorization server uses the "scope" response parameter to inform the client of the scope of the access token issued. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. The strings are defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope.

string
required

The value MUST be one of "code" for requesting an authorization code, "token" for requesting an access token (implicit grant) or a registered extension value

string
required

After completing its interaction with the resource owner, the authorization server directs the resource owner's user-agent back to the client. The authorization server redirects the user-agent to the client's 'redirect_uri' previously established with the authorization server during the client registration process or when making the authorization request. The 'redirect_uri' MUST be an absolute URI.

string
required

String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authorization Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values.

string

Method used to generate the challenge (e.g., S256). The PKCE spec defines two methods, S256 and plain, the former is used in this example and is the only one supported by Auth0 since the latter is discouraged.

string

The authorization server should recognize the code_challenge parameter in the request, and associate that with the authorization code it generates.

string

Specifies the preferred languages and scripts for the user interface.

string
required

An opaque value that the client application may use. If this request parameter is contained in the authorization request, it is returned to the redirect URI as a query parameter.

Response

Language
URL
Click Try It! to start a request and see the response here! Or choose an example:
*/*