Fortinet white logo
Fortinet white logo

REST API Solution Guide

OIDC Authorization (/oauth/authorize/)

OIDC Authorization (/oauth/authorize/)

URL: https://[server_name]/api/v1/oauth/authorize/

The Authorization Code flow is best used in web and mobile apps. This is the flow used for third party integration, the user authorizes your partner to access its products in your APIs and get the authorization code. This code is needed along with client_id and client_secret to get the access token.

This endpoint will redirect to the access portal configured in the Relying Party.

Supported fields

Field

Display name

Type

Required

Other restrictions

response_type

response_type which should be set to code for now

string

Yes

client_id

client_id that is registered in FortiAuthenticator

string

Yes

redirect_uri

Redirect URL after successful or failed authentication

string

Yes

scope

Requested scopes

string

No

code_challenge_method

Code Verifier hashing algorithm

string

If grant_type is Authorization code with PKCE

only 'S256' accepted

code_challenge

Base64 URL encoding of the SHA256 hash of the code_verifier

string

If grant_type is Authorization code with PKCE

Allowed methods

HTTP method

Resource URI

Action

GET

/api/v1/oauth/authorize

Redirect to portal for authentication.

Response codes

Code

Response content

Description

302 redirect

Portal for authentication

Successfully redirected to the portal.

302 redirect

Callback URL with error

In case of error client will be redirected to redirect_uri with error and error_description.

Example

https://fac3.org/api/v1/oauth/authorize/?response_type=code&client_id=hlcOZPMGhIjNgU4sZu90nmr4O6q9vsSSdTcUIubM&redirect_uri=https://some_url/noexist/callback

Response:

redirect to the portal specified in the policy of relying party configuration

OIDC Authorization (/oauth/authorize/)

OIDC Authorization (/oauth/authorize/)

URL: https://[server_name]/api/v1/oauth/authorize/

The Authorization Code flow is best used in web and mobile apps. This is the flow used for third party integration, the user authorizes your partner to access its products in your APIs and get the authorization code. This code is needed along with client_id and client_secret to get the access token.

This endpoint will redirect to the access portal configured in the Relying Party.

Supported fields

Field

Display name

Type

Required

Other restrictions

response_type

response_type which should be set to code for now

string

Yes

client_id

client_id that is registered in FortiAuthenticator

string

Yes

redirect_uri

Redirect URL after successful or failed authentication

string

Yes

scope

Requested scopes

string

No

code_challenge_method

Code Verifier hashing algorithm

string

If grant_type is Authorization code with PKCE

only 'S256' accepted

code_challenge

Base64 URL encoding of the SHA256 hash of the code_verifier

string

If grant_type is Authorization code with PKCE

Allowed methods

HTTP method

Resource URI

Action

GET

/api/v1/oauth/authorize

Redirect to portal for authentication.

Response codes

Code

Response content

Description

302 redirect

Portal for authentication

Successfully redirected to the portal.

302 redirect

Callback URL with error

In case of error client will be redirected to redirect_uri with error and error_description.

Example

https://fac3.org/api/v1/oauth/authorize/?response_type=code&client_id=hlcOZPMGhIjNgU4sZu90nmr4O6q9vsSSdTcUIubM&redirect_uri=https://some_url/noexist/callback

Response:

redirect to the portal specified in the policy of relying party configuration