Fortinet white logo
Fortinet white logo

REST API Solution Guide

OIDC Authorization (/oauth/authorize/)

OIDC Authorization (/oauth/authorize/)

URL: https://[server_name]/api/v1/oauth/authorize/

The Authorization Code flow is best used in web and mobile apps. This is the flow used for third party integration, the user authorizes your partner to access its products in your APIs and get the authorization code. This code is needed along with client_id and client_secret to get the access token.

Supported fields

Field Display name Type Required Other restrictions
response_type response_type which should be set to code for now string Yes
client_id client_id that is registered in FortiAuthenticator string Yes
redirect_uri Redirect URL after successful or failed authentication string Yes

Allowed methods

HTTP method Resource URI Action
GET /api/v1/oauth/authorize Redirect to portal for authentication.

Response codes

Code Response content Description
302 redirect Portal for authentication Successfully redirected to the portal.
302 redirect Callback URL with error In case of error client will be redirected to redirect_uri with error and error_description.

Example

https://fac3.org/api/v1/oauth/authorize/?response_type=code&client_id=hlcOZPMGhIjNgU4sZu90nmr4O6q9vsSSdTcUIubM&redirect_uri=https://some_url/noexist/callback

Response:

redirect to the portal specified in the policy of relying party configuration

OIDC Authorization (/oauth/authorize/)

OIDC Authorization (/oauth/authorize/)

URL: https://[server_name]/api/v1/oauth/authorize/

The Authorization Code flow is best used in web and mobile apps. This is the flow used for third party integration, the user authorizes your partner to access its products in your APIs and get the authorization code. This code is needed along with client_id and client_secret to get the access token.

Supported fields

Field Display name Type Required Other restrictions
response_type response_type which should be set to code for now string Yes
client_id client_id that is registered in FortiAuthenticator string Yes
redirect_uri Redirect URL after successful or failed authentication string Yes

Allowed methods

HTTP method Resource URI Action
GET /api/v1/oauth/authorize Redirect to portal for authentication.

Response codes

Code Response content Description
302 redirect Portal for authentication Successfully redirected to the portal.
302 redirect Callback URL with error In case of error client will be redirected to redirect_uri with error and error_description.

Example

https://fac3.org/api/v1/oauth/authorize/?response_type=code&client_id=hlcOZPMGhIjNgU4sZu90nmr4O6q9vsSSdTcUIubM&redirect_uri=https://some_url/noexist/callback

Response:

redirect to the portal specified in the policy of relying party configuration