Simplified Authorization Code Authentication
When the frontend initiates application single sign-on, it builds the authorization request URL from the client_id obtained at application registration and redirects the browser to that URL.
# Request Description
GET https://{your_domain}/api/v1/oauth2/authorize
# Request Parameters:
| Parameter Name | Display Name | Required | Example Value | Description |
|---|---|---|---|---|
| response_type | Authorization Type | Required | token | This value is fixed as token. |
| client_id | Application Identifier | Required | RqB2HiHC9N676qA | The client_id assigned to the third-party application after applying for access. |
| redirect_uri | Callback Address | Optional | http://oauthdemo.bccastle.com/demo/index.jsp | The callback address after authorization. Must be consistent with the trusted domain filled in during application registration. Note that the URL must be URL-encoded. |
| state | State Code | Optional | 15924362 | Client-side state value. Used to prevent CSRF attacks. Returned as-is in the callback after successful authorization. Check that the returned state is bound to the current user. |
| scope | Scope of Application | Optional | get_user_info | This value is fixed as get_user_info. |
# Request Example
https://{your_domain}/api/v1/oauth2/authorize?response_type=token&client_id={client_id}&redirect_uri=http://oauthdemo.bccastle.com/demo/index.jsp&state=15924362
# Response Example
Correct response example

HTTP Status: 302 REDIRECT

```
http://oauthdemo.bccastle.com/demo/index.jsp/#access_token=NObiIMkOvBgHIo8&token_type=Bearer&expires_in=6285&scope=get_user_info&state=15924362
```

client_id parameter missing

HTTP Status: 400 BAD REQUEST

```json
{
  "error": "invalid_request",
  "error_description": "Missing client_id"
}
```

client_id parameter incorrect

HTTP Status: 400 BAD REQUEST

```json
{
  "error": "invalid_request",
  "error_description": "client_id parameter is error"
}
```

response_type parameter name or value incorrect

HTTP Status: 400 BAD REQUEST

```json
{
  "error": "unsupported_response_type",
  "error_description": "Unsupported response types: [xxx]"
}
```

redirect_uri parameter incorrect

HTTP Status: 400 BAD REQUEST

```json
{
  "error": "invalid_request",
  "error_description": "Invalid redirect: https://www.baidu.com does not match one of the registered values."
}
```

scope parameter incorrect (the error is returned in the query string of the redirect, not in the fragment)

HTTP Status: 302 REDIRECT

```
{redirect_uri}?error=invalid_scope&error_description=Invalid scope: xxx&state=123456
```
# Response Parameters
If the user logs in and authorizes successfully, the browser is redirected to the registered callback address with the access token and the original state value appended to the redirect_uri as a URL fragment (after `#`), not as query parameters.
| Parameter Name | Display Name | Required | Example Value | Description |
|---|---|---|---|---|
| access_token | Authorization Token | Required | NObiKQS-cn8AWnZyIMkOvBgHIo8 | Included as a URL fragment (anchor) parameter, not a query parameter. |
| token_type | Token Type | Required | Bearer | Fixed as Bearer. |
| expires_in | Validity Period of Authorization Token | Required | 7199 | The validity period of the access token returned by the authorization server to the application. Note: the period is in seconds. |
| scope | Authorization Scope | Required | get_user_info | Fixed as get_user_info. |
| state | Client-side State Code | Optional | 15924362 | The state value supplied by the client. Used by third-party applications to prevent CSRF attacks; returned unchanged in the callback after successful authorization. |
Next step: Obtaining User Information
