Logs the user in, or redirects them to a page where they can authenticate.
GET /oauth/authorize
Parameters

| Name | In | Type | Required | Description |
| --- | --- | --- | --- | --- |
| client_id | query | string | true | The identifier of the client representing the app. |
| response_type | query | string | true | In a basic authorization code flow request this should be code. Authn only supports code. |
| redirect_uri | query | string | false | Should be the HTTP endpoint on your server that will receive the response from Authn. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, which you configured when registering the application. If this value doesn't match an authorized URI, the request will fail with a 401 error. |
| state | query | string | true | Should include the value of the anti-forgery unique session token, as well as any other information needed to recover the context when the user returns to your application, e.g., the starting URL. |
| login_hint | query | string | false | If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Authentication Server. The server uses the hint to simplify the login flow either by prefilling the email field in the sign-in form or by selecting the appropriate multi-login session. |
| groups_hint | query | string | false | The substring is equivalent to the groups in the provider (only Google is supported). If you do not provide a groups_hint and the user is currently logged in, the access_token returned by the next token request will not contain the groups claim. |
| access_type | query | string | false | The allowed values are offline and online. If an access token is being requested, the client does not receive a refresh token unless a value of offline is specified. |
| code_challenge | query | string | false | Specifies an encoded code_verifier that will be used as a server-side challenge during authorization code exchange. This string helps mitigate the threat through the use of Proof Key for Code Exchange (PKCE). |
| code_challenge_method | query | string | false | Specifies what method was used to encode the code_verifier that will be used during authorization code exchange. This parameter must be used with the code_challenge parameter. The value of code_challenge_method defaults to plain if it is not present in a request that includes a code_challenge. The only supported values for this parameter are S256 and plain. |
Enumerated Values

| Property | Values |
| --- | --- |
| response_type | one of [token, code] |
Request example
curl -X GET 'https://authn.masstack.com/v1/oauth/authorize?client_id=TtsdmebPcQtEnvLsKw7x&response_type=token&redirect_uri=https://masmovil.com/login/callback&state=0AxLygT73V6kreKzkQySOjfYShIvK%2FTR&login_hint=my_user@masmovil.com&groups_hint=group1+group2&access_type=online&code_challenge=5VTycQU924SQ3jHp5g9zcvMF2ai3aN89kxzB2D5QJUrejxam3jddqFUugD8F&code_challenge_method=S256' \
  -H "Accept: */*"
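The state and PKCE parameters described above, generated on the client and checked on the callback. This is an added example, not Authn's own code; the client ID, callback URL and function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint taken from the request example on this page.
AUTHORIZE_URL = "https://authn.masstack.com/v1/oauth/authorize"


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_request(client_id: str, redirect_uri: str):
    """Return (url, state, code_verifier); keep the last two in the user's session."""
    code_verifier = secrets.token_urlsafe(32)  # 43 URL-safe characters
    state = secrets.token_urlsafe(24)          # unguessable anti-forgery token
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        # Sent explicitly: the method defaults to "plain" when it is omitted.
        "code_challenge_method": "S256",
    }
    # urlencode percent-encodes every value, so no shell or URL quoting issues.
    return AUTHORIZE_URL + "?" + urlencode(params), state, code_verifier


def state_matches(expected_state: str, callback_url: str) -> bool:
    """Accept the callback only if exactly one state value is present and equal."""
    values = parse_qs(urlsplit(callback_url).query).get("state", [])
    if len(values) != 1:
        return False  # missing or duplicated state parameter
    return hmac.compare_digest(expected_state.encode(), values[0].encode())


if __name__ == "__main__":
    # Constructed sample values, not a registered client.
    url, state, verifier = build_authorize_request(
        "example-client-id", "https://app.example/login/callback")
    print(url)
```

The code_verifier stays server-side until the authorization code exchange; only its S256 hash travels in the authorize URL.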
This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
GET /.well-known/jwks.json
Request example
curl -X GET https://authn.masstack.com/v1/.well-known/jwks.json \
-H "Accept: application/json"
This URL returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details. Clients can use this information to construct a request to the OpenID server. The field names and values are defined in the OpenID Connect Discovery Specification.
GET /.well-known/openid-configuration
Request example
curl -X GET https://authn.masstack.com/v1/.well-known/openid-configuration \
-H "Accept: application/json"