GET /authorize

This is the OAuth 2.0 grant that mobile apps use to access an API. Before starting this flow, generate and store a code_verifier, then use it to generate the code_challenge that is sent in the authorization request.

Parameters

audience (string, required)
The unique identifier of the target API you want to access.

resource (string)
The identifier of the target API (resource server) you want to access. Must match an API Identifier registered in your Auth0 tenant. Used as an alternative to audience when the tenant’s Resource Parameter Compatibility Profile is set to compatibility.

scope (string)
The scopes which you want to request authorization for. These must be separated by a space. You can request standard OpenID Connect (OIDC) scopes, custom claims, or any scopes supported by the target API. Include ‘offline_access’ to get a Refresh Token.

response_type (string, required)
Indicates to Auth0 which OAuth 2.0 Flow you want to perform. Use ‘code’ for Authorization Code Grant (PKCE) Flow. Allowed values: code

client_id (string, required)
Your application’s Client ID.

state (string)
An opaque value the client adds to the initial request that Auth0 includes when redirecting back to the client. This value must be used by the client to prevent CSRF attacks.

redirect_uri (string)
The URL to which Auth0 will redirect the browser after authorization has been granted by the user.

code_challenge_method (string, required)
Method used to generate the challenge. Use S256 as Auth0 only supports this method. Allowed values: S256

code_challenge (string, required)
Generated challenge from the code_verifier.

connection (string)
The name of the connection configured to your application.

prompt (string)
To initiate a silent authentication request, use prompt=none.

organization (string)
ID of the organization to use when authenticating a user.

invitation (string)
Ticket ID of the organization invitation.

dpop_jkt (string)
The JWK Thumbprint (RFC 7638) of the proof-of-possession public key using the SHA-256 hash function.

Response

Status   Description
302      Redirect to the specified redirect_uri after authorization.
default  Unexpected error