
Integration Steps

Authorization Request

Redirection of the public client to the Authorization Server (AS) with the Authorization Request.

Non-normative example of an Authorization Request:

GET /oauth2/auth?
client_id=https%3A%2F%2Fapp.client.com
&redirect_uri=https%3A%2F%2Fapp.client.org%2F
&response_type=code
&scope=openid%20eidas
&nonce=1234567890abcdef1234567890abcdefXYZabc
&state=abcdef1234567890abcdef1234567890XYZ987
&code_challenge=AbCdEfGhIjKlMnOpQrStUvWxYz1234567890abcdEfGhI
&code_challenge_method=S256
Host: authserver.example.org


Authorization Response

Redirection from the AS to the public client with the Authorization Response.

Non-normative example of an Authorization Response:

HTTP/1.1 302 Found
Location: https://app.client.org/?
code=A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8S9t0U1v2W3x4Y5z6
&state=1234abcd5678efgh9012ijkl3456mnop7890qrst


Token Request

Non-normative example of a Token Request:

POST /oauth2/token HTTP/1.1
Host: authserver.example.org
Content-Type: application/json
Content-Length: 311

{
  "grant_type": "authorization_code",
  "client_id": "https://app.client.com",
  "code_verifier": "b7f9a4b52e6347a1b8f2c3d1a6...9e0f1ABCxyz",
  "code": "AbC123xYz0987QrStUvWxYz6543LmNoPqRsTuVwXyZ=",
  "redirect_uri": "https://app.client.org/"
}
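The client side of the three steps above, as an added example that is not code from this page or from the profile it documents: it derives the S256 code_challenge from a code_verifier, builds the Authorization Request, refuses the Authorization Response unless its state matches the one issued for this session, and assembles the Token Request body. The endpoint, client_id, redirect_uri and scope are the ones in the non-normative examples; the function names are assumptions.

```python
import base64
import hashlib
from urllib.parse import parse_qs, quote, urlencode, urlparse

# Endpoints and identifiers taken from the non-normative examples above.
AUTHORIZATION_ENDPOINT = "https://authserver.example.org/oauth2/auth"
CLIENT_ID = "https://app.client.com"
REDIRECT_URI = "https://app.client.org/"

def pkce_challenge(code_verifier: str) -> str:
    # S256 method (RFC 7636): BASE64URL(SHA256(ASCII(code_verifier))), no '=' padding
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorization_request(code_verifier: str, state: str, nonce: str) -> str:
    # code_verifier, state and nonce are fresh random values the client keeps
    # per session (e.g. secrets.token_urlsafe(32)); only the challenge is sent.
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid eidas",
        "nonce": nonce,
        "state": state,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params, quote_via=quote)

def parse_authorization_response(location: str, expected_state: str) -> str:
    # Read the code from the 302 Location. A foreign or missing state is
    # rejected first, so a code can never be bound to the wrong session.
    query = parse_qs(urlparse(location).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response is not for this session")
    if "error" in query:
        raise ValueError("authorization error: " + query["error"][0])
    return query["code"][0]

def build_token_request(code: str, code_verifier: str) -> dict:
    # Body of the Token Request; the AS recomputes S256 over code_verifier
    # and compares it with the code_challenge it stored with the code.
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }
```

The verifier/challenge pair from RFC 7636 Appendix B can be used to check pkce_challenge against a known answer.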


Token Response

Non-normative example of a Token Response:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{
  "access_token": "eyJhbGciOiJFQ0RILUVTIiwiZ...qtAlx1oFIUpQQ",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...p-QV30",
  "scope": "openid profile email",
  "token_type": "Bearer"
}