Authorize is a standard endpoint that triggers authentication of an enduser via one of the IDP options, followed by authorization in terms of consent handling. Authorization information is then returned in the reponse to the requesting OIDC Client. The content of the authorization response is different for each of the supported protocol flows message flows. The Authorize endpoint does in any case trigger a series of re-directs, eventually returning to the requesting OIDC Client at a
redirect_uri specified by the client. For security reasons only pre-registered redirect URIs are allowed.
|List of scope values specifying what kind of resources (dataset) the OIDC Client requests access to. The value |
|Unique ID (arbitrary string) configured at the OIDC Provider for the OIDC Client in question|
|Redirect URI to which the Authorize response will be sent. This URI must exactly match one of the Redirect URI values for the OIDC Client pre-registered at the OpenID Provider|
|Opaque value used to maintain state between the request and the callback.|
The response mode to be used for returning parameters from the Authorization Endpoint. The following values are supported:
Note: The .NET/C# example GitHub uses the OWIN framework. OWIN only accepts
|String value used to associate a ODIC Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token|
|Specifies whether the Authorization Server prompts the enduser for re-authentication and consent.|
|Not supported. The OIDC Provider determines life-time values in the ID Token.|
|May be used to set a language preference for GUI handling. The default GUI experience supports nb (Norsk Bokmål) and en (English)|
Requests use of any IDP at a given Level of Assurance (Authentication Context Class Reference) or above. A selector dialogue is shown to the enduser if more than one IDP option meet the required minimum level. Note that this parameter has no effect if the
This parameter may be used to specify the use of any particularly named IDP (Authentication Method Reference) along with any pre-configuration for the designated IDP. Note that this parameter has no effect f the
See further details on login_hint support for each of the supported IDPs.
|An ID Token previously issued by the OIDC Provider used as a hint about the enduser's current or past authenticated session with the OIDC Client. Note that this parameter has precedence before both |
Responses are different for each of the supported protocol message flows as specified by the
response_mode parameters in the Authorize request.