OIDC Authorization (/oauth/authorize/)
URL: https://[server_name]/api/v1/oauth/authorize/
The Authorization Code flow is best used in web and mobile apps. This is the flow used for third party integration, the user authorizes your partner to access its products in your APIs and get the authorization code. This code is needed along with client_id and client_secret to get the access token.
Supported fields
Field | Display name | Type | Required | Other restrictions |
---|---|---|---|---|
response_type | response_type which should be set to code for now | string | Yes | |
client_id | client_id that is registered in FortiAuthenticator | string | Yes | |
redirect_uri | Redirect URL after successful or failed authentication | string | Yes |
Allowed methods
HTTP method | Resource URI | Action |
---|---|---|
GET | /api/v1/oauth/authorize | Redirect to portal for authentication. |
Response codes
Code | Response content | Description |
---|---|---|
302 redirect | Portal for authentication | Successfully redirected to the portal. |
302 redirect | Callback URL with error | In case of error client will be redirected to redirect_uri with error and error_description. |
Example
https://fac3.org/api/v1/oauth/authorize/?response_type=code&client_id=hlcOZPMGhIjNgU4sZu90nmr4O6q9vsSSdTcUIubM&redirect_uri=https://some_url/noexist/callback
Response:
redirect to the portal specified in the policy of relying party configuration