OIDC Authorization (/oauth/authorize/)
URL: https://[server_name]/api/v1/oauth/authorize/
The Authorization Code flow is best used in web and mobile apps. This is the flow used for third-party integration: the user authorizes your partner to access its products in your APIs, and the partner gets the authorization code. This code is needed, along with client_id and client_secret, to get the access token.
This endpoint will redirect to the access portal configured in the Relying Party.
Supported fields
Field | Display name | Type | Required | Other restrictions |
---|---|---|---|---|
response_type | response_type which should be set to code for now | string | Yes | |
client_id | client_id that is registered in FortiAuthenticator | string | Yes | |
redirect_uri | Redirect URL after successful or failed authentication | string | Yes | |
scope | Requested scopes | string | No | |
code_challenge_method | Code Verifier hashing algorithm | string | If grant_type is Authorization code with PKCE | only 'S256' accepted |
code_challenge | Base64 URL encoding of the SHA256 hash of the code_verifier | string | If grant_type is Authorization code with PKCE | |
Allowed methods
HTTP method | Resource URI | Action |
---|---|---|
GET | /api/v1/oauth/authorize | Redirect to portal for authentication. |
Response codes
Code | Response content | Description |
---|---|---|
302 redirect | Portal for authentication | Successfully redirected to the portal. |
302 redirect | Callback URL with error | In case of an error, the client is redirected to redirect_uri with error and error_description. |
Example
https://fac3.org/api/v1/oauth/authorize/?response_type=code&client_id=hlcOZPMGhIjNgU4sZu90nmr4O6q9vsSSdTcUIubM&redirect_uri=https://some_url/noexist/callback
Response:
Redirect to the portal specified in the policy of the relying party configuration.
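The following is an added example, not taken from the FortiAuthenticator documentation: it generates a PKCE code_verifier and its S256 code_challenge, builds the authorize request from the supported fields, and handles the callback redirect. The host name, client_id, redirect_uri and the helper function names are assumed placeholders, and the `code` callback parameter name comes from the OAuth 2.0 standard rather than from this page.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholder values, not from the page: use your own deployment's.
AUTHORIZE_URL = "https://fac.example.com/api/v1/oauth/authorize/"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def s256_challenge(code_verifier):
    """Base64 URL encoding (padding stripped) of SHA256(code_verifier)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Return a fresh (code_verifier, code_challenge) pair."""
    # 32 random bytes give a 43-character verifier, the RFC 7636 minimum.
    verifier = secrets.token_urlsafe(32)
    return verifier, s256_challenge(verifier)


def build_authorize_url(code_challenge, scope=None):
    """Build the GET URL using only the fields in the supported fields table."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    if scope:
        params["scope"] = scope
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(callback_url):
    """Return the authorization code or raise on an error redirect."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    query = parse_qs(got.query)
    if "error" in query:
        detail = query.get("error_description", [""])[0]
        raise RuntimeError(f"{query['error'][0]}: {detail}")
    # "code" is the standard OAuth 2.0 parameter name (assumed; not on the page).
    return query["code"][0]
```

Keep the code_verifier server-side in the user's session; only the code_challenge travels in the authorize request.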