Authentication Request
The authentication request must be made to the Identity Provider's authentication endpoint, with additional parameters in query string format.
URLs
| Method | URL | Action | Description |
|---|---|---|---|
| GET | /authorize | Authenticate | Initiates the user authentication and authorization flow |
Production:
{login-producao}/authorize
Staging:
{login-homologacao}/authorize
Required Parameters
| Parameter | Description | Example |
|---|---|---|
| response_type | Expected response type | code |
| scope | Requested permissions | openid profile |
| client_id | Client ID | exampleclient |
| redirect_uri | Redirect URI | https://example.com.br/callback |
Request Example
Production:
{login-producao}/authorize?response_type=code&scope=openid profile&client_id=exampleclient&redirect_uri=https://example.com.br/callback
Staging:
{login-homologacao}/authorize?response_type=code&scope=openid profile&client_id=exampleclient&redirect_uri=https://example.com.br/callback
In addition to the basic and required parameters, there are additional parameters mentioned in chapters 8 and 9. After receiving the request, the system will proceed with the authentication and authorization process.
Optional Parameters
state
Opaque value used to maintain state between the request and callback. Commonly used for CSRF mitigation.
&state=af0ifjsldkj
nonce
Case-sensitive string used to associate a client session with an id_token and to mitigate replay attacks.
&nonce=n-0S6_WzA2Mj
id_token_hint and prompt
For authentication without user interaction (when the user already has an active session):
&id_token_hint=<jwt_token>&prompt=none
Flow
- User is redirected to the authorization endpoint
- System processes authentication and authorization
- User is redirected back to the provided redirect_uri
- Additional information is returned in query string format
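The request and the state check on the callback, as an added example (not the provider's own code): it builds the authorization URL with random state and nonce values, percent-encodes every parameter, and accepts the callback only if the returned state matches the stored one. The endpoint host is a placeholder, the function names are hypothetical, and the `code` callback parameter is assumed from the standard authorization code flow.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: placeholder host; substitute the real {login-producao} or
# {login-homologacao} base URL.
AUTHORIZE_ENDPOINT = "https://idp.example.invalid/authorize"


def build_authorization_request(client_id, redirect_uri, scope="openid profile"):
    """Return (url, session_values). Store session_values server-side,
    bound to the user's session, before redirecting the browser."""
    state = secrets.token_urlsafe(32)  # unguessable per-request value (CSRF)
    nonce = secrets.token_urlsafe(32)  # must later equal the id_token nonce claim
    params = {
        "response_type": "code",
        "scope": scope,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    # urlencode percent-encodes redirect_uri and the space inside scope.
    url = f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"
    return url, {"state": state, "nonce": nonce}


def validate_callback(callback_url, session_values):
    """Return the authorization code if the callback's state matches the
    value stored for this session; raise ValueError otherwise."""
    query = parse_qs(urlsplit(callback_url).query)
    states = query.get("state", [])
    codes = query.get("code", [])
    expected = session_values.get("state", "")
    # Require exactly one state value and compare it in constant time.
    if len(states) != 1 or not expected or not hmac.compare_digest(
        states[0].encode(), expected.encode()
    ):
        raise ValueError("state mismatch: discard the response")
    if len(codes) != 1:
        raise ValueError("missing or duplicated code parameter")
    return codes[0]
```

Delete the stored state once a callback has been processed so the same value cannot be accepted twice, and keep the stored nonce until the id_token has been checked against it.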
Next Step
After receiving the response, continue to Authentication Response.
