Description
The authorization sequence is started by redirecting the browser (all of the page) to a DRUID URL with a set of configuration parameters that tell the server what type of access to the DRUID resource servers your application requires. As in other scenarios, DRUID takes care of user authentication, creating the shared session in all domains and consent to access to the data requested by your application.
In this particular case, the user must be authenticated on the server or a logged-in user access token must be provided.
Endpoint URL:
GET https://{your-endpoint-domain.com}/oauth2/authorize
Request parameters
In case it is not logged in, your app must redirect to the server for a user to authenticate with login or registration screen. All the codes and values of each parameter must be UTF-8-encoded and URL-encoded.
The result of the request, if they are not logged in, would be a redirection to the login page, which will appear in the user’s browser. If they are logged in and have authorised access to your application, they will be redirected directly to the next step, depending on the method sent.
Parameter | Description | Type |
client_id | identifies the app | string |
redirect_uri | URL to which the OAuth server will redirect the user’s browser after completing the authentication process by the users. These URLs have to be registered in the cockpit panel. | string |
response_type | The value must be set to none. | string |
x_method | Possible values could be ‘edit-account”, to redirect user to desired flow. | string |
state | Allows you to restore the previous state of your application. The state parameter preserves some state objects set by the client in the Authorization request and makes it available to the client in the response (eg: session identifier, json info base64 encoded…). The content must be url urlencoded. | string |
scope | Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. In the case of DruID, you must send the id of the entrypoint you want to use for the desired flow. | string |
Response
The server checks that the input parameters are correct, and if found to be logged in, redirects the user to the next step. If the user is not logged in, the user is redirected to the login screen.
When the user completes the actions on the displayed screen, the OAuth server responds to the browser control to the app via GET to the URL it received in the redirect_uri parameter.
Error codes
The possible errors in this step are:
- invalid_request
- invalid_client
- unauthorized_client
- redirect_uri_mismatch
- unsupported_response_type
- invalid_scope