GET /authorize

This is the OAuth 2.0 grant that web apps use to access an API.

Responses

302

A successful request will redirect the user to the specified callback URL with the access token.
HTTP/1.1 302 Found
Location: ${account.callback}#access_token=TOKEN&state=STATE&token_type=TYPE&expires_in=SECONDS

Remarks

  • The redirect_uri value must be specified as a valid callback URL under your Application’s Settings.
  • If response_type=token, after the user authenticates with the provider, Auth0 redirects them to your application callback URL and passes the access_token in the URL fragment (location.hash). This is used for Single-Page Apps and on Native Mobile SDKs.
  • The Implicit Grant does not support the issuance of Refresh Tokens. Use Silent Authentication instead.
  • In order to improve compatibility for applications, Auth0 will now return profile information in a structured claim format as defined by the OIDC specification. This means that in order to add custom claims to ID tokens or Access Tokens, they must conform to a namespaced format to avoid possible collisions with standard OIDC claims.
  • Silent Authentication lets you perform an authentication flow where Auth0 will only reply with redirects, and never with a login page. When an Access Token has expired, silent authentication can be used to retrieve a new one without user interaction, assuming the user’s Single Sign-on (SSO) session has not expired.

Parameters

audience
string
The unique identifier of the target API you want to access.
resource
string
The identifier of the target API (resource server) you want to access. Must match an API Identifier registered in your Auth0 tenant. Used as an alternative to audience when the tenant’s Resource Parameter Compatibility Profile is set to compatibility.
scope
string
The scopes which you want to request authorization for. These must be separated by a space.
response_type
string
required
This will specify the type of token you will receive at the end of the flow. Use token to get only an Access Token, id_token to get only an ID token, or id_token token to get both. Allowed values: token, id_token, id_token token
client_id
string
required
Your application’s ID.
state
string
An opaque value to prevent CSRF attacks.
redirect_uri
string
The URL to which Auth0 will redirect the browser after authorization.
nonce
string
A string value included in the ID token response to prevent token replay attacks.
connection
string
The name of the connection configured for your application.
prompt
string
To initiate a silent authentication request, use prompt=none.
organization
string
ID of the organization to use when authenticating a user.
invitation
string
Ticket ID of the organization invitation.
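
The following is an added example, not code from Auth0 or from the original page. It shows a client building the GET /authorize request for response_type=token with a fresh state value, then accepting the access_token from the callback fragment only when the returned state matches. The domain, client ID, callback URL and audience are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example. Domain, client ID, callback URL and audience are constructed placeholders.
const CONFIG = {
  domain: 'tenant.example.com',
  clientId: 'EXAMPLE_CLIENT_ID',
  redirectUri: 'https://app.example.com/callback',
  audience: 'https://api.example.com',
};

// Unguessable per-request value; store it (e.g. in sessionStorage) until the callback.
function newState() {
  const buf = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Build the GET /authorize URL for response_type=token.
function buildAuthorizeUrl(cfg, scope, state) {
  const url = new URL(`https://${cfg.domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'token',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    audience: cfg.audience,
    scope,
    state,
  }).toString();
  return url.toString();
}

// Parse the callback URL; accept the token only when state matches the stored value.
function parseCallback(callbackUrl, expectedState, nowMs = Date.now()) {
  const url = new URL(callbackUrl);
  const frag = new URLSearchParams(url.hash.slice(1));
  if (!expectedState || frag.get('state') !== expectedState) {
    throw new Error('state mismatch: response is not tied to a request this app started');
  }
  const accessToken = frag.get('access_token');
  const expiresIn = Number(frag.get('expires_in'));
  if (!accessToken || !Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error('malformed callback fragment');
  }
  return {
    accessToken,
    tokenType: frag.get('token_type'),
    expiresAt: nowMs + expiresIn * 1000, // expires_in is in seconds
  };
}
```

In a browser, pass window.location.href to parseCallback and then clear the fragment with history.replaceState so the token does not stay in the address bar or session history.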

Response

Status  Description
302     Redirects to the specified callback URL with the access token.