Skip to main content

Documentation Index

Fetch the complete documentation index at: https://auth0-feat-authentication-api-migration.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

GET /authorize You can connect your Auth0 service to an enterprise identity provider and allow your users to log in to your application via Microsoft Azure Active Directory, Google Workspace, Okta Workforce, or other supported providers. To learn more about supported providers, visit Auth0 Marketplace. Make a GET call to the /authorize endpoint for passive authentication. It returns a 302 redirect to the SAML Provider (or Windows Azure AD and the rest, as specified in the connection) to enter their credentials.

Remarks

  • If response_type=token, after the user authenticates, the browser will be redirected to the application callback URL with the Access Token and ID Token in the address location.hash. This is commonly used for Single-Page Apps (SPAs) and Native Mobile SDKs.
  • If no connection is provided, the user will be redirected to the Auth0 Login Page, where they can authenticate via the first available database connection.
  • This flow is used for applications that require passive browser-based authentication.

Learn More

Parameters

response_type
string
required
Specifies the token type. Use code for server-side flows and token for client-side flows.Allowed values: code, token
client_id
string
required
The client_id of your application.
connection
string
The name of the enterprise connection configured for your application. If not provided, it will redirect to the Auth0 Login Page and show the Login Widget using the first available database connection.
redirect_uri
string
required
The URL to which Auth0 will redirect the browser after authorization has been granted by the user. Specify the redirect_uri under your Application’s Settings.
state
string
[Recommended] An opaque value the application adds to the initial request that the authorization server includes when redirecting back to the application. This value must be used by the application to prevent CSRF attacks.

Response

StatusDescription
302Redirect to the authentication provider.
400Bad Request - Invalid parameters
500Internal Server Error