Obtain PKCE Authorization Code
When a user accesses a third-party application, the application initiates an authorization login request to Zhuyun IDaaS that carries a code_challenge. After the user successfully authenticates with their username and password, Zhuyun IDaaS redirects back to the third-party application, appending the authorization code in the code parameter.
# Request Description
GET https://{your_domain}/api/v1/oauth2/authorize
# Request Example
GET https://{your_domain}/api/v1/oauth2/authorize?response_type=code&client_id={client_id}&redirect_uri=http://oauthdemo.bccastle.com/demo/index.jsp&state=15924362&code_challenge=5qa69AH8v3r33rVuTGjZalHczEqMsXYvllXXL8zXorM&code_challenge_method=S256
# Request Parameters
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| response_type | Authorization Type | Required | code | This value is fixed as code. |
| client_id | Application Identifier | Required | RqB2HJtkz6iH76qA | The client_id assigned to the third-party application after registration. |
| redirect_uri | Callback URI | Optional | http://oauthdemo.bccastle.com/demo/index.jsp | The callback URI after successful authorization. Must match the trusted domain registered for the application. It is recommended to set it to the application's homepage or user center. Note: the URL must be URL-encoded. |
| state | Application-side State Code | Optional | 15924362 | An opaque state value chosen by the client. Used by the third-party application to prevent CSRF attacks; it is returned unchanged in the callback after successful authorization. The application must check that the returned state is bound to the user session that started the request. |
| scope | Scope of Application | Optional | get_user_info | This value is fixed as get_user_info. |
| code_challenge | PKCE Challenge Code | Required | 5qa69AMsXYvllXorM | The application generates a random string, URL-safe Base64 encodes it, and uses the result (43 to 128 characters) as the code_verifier. It then hashes the code_verifier with SHA-256 and URL-safe Base64 encodes the digest; that result is the code_challenge. |
| code_challenge_method | PKCE Challenge Code Method | Required | S256 | Fixed value S256. |
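The following is an added example, not code from the Zhuyun IDaaS documentation or SDK, showing how a client builds the request described above: it derives a code_verifier and S256 code_challenge exactly as the code_challenge row specifies (random bytes, URL-safe Base64, SHA-256, URL-safe Base64; padding is stripped as RFC 7636 requires), then assembles the authorize URL with a percent-encoded redirect_uri. The domain, client_id and redirect_uri are placeholders; `verify_code_challenge` shows the check the server performs later at the token endpoint and is included only to make the pairing between verifier and challenge concrete.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Placeholder values; the real domain and client_id come from the
# application's registration in IDaaS.
IDAAS_DOMAIN = "{your_domain}"
CLIENT_ID = "RqB2HJtkz6iH76qA"
REDIRECT_URI = "http://oauthdemo.bccastle.com/demo/index.jsp"


def b64url_nopad(data: bytes) -> str:
    """URL-safe Base64 with the '=' padding removed (RFC 7636 encoding)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Random code_verifier. 32 random bytes encode to 43 characters and
    96 bytes to 128, the allowed length range for the verifier."""
    if not 32 <= n_bytes <= 96:
        raise ValueError("n_bytes must be between 32 and 96")
    return b64url_nopad(secrets.token_bytes(n_bytes))


def make_code_challenge(code_verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return b64url_nopad(digest)


def verify_code_challenge(code_verifier: str, code_challenge: str) -> bool:
    """What the token endpoint does with the verifier presented later:
    recompute the challenge and compare in constant time."""
    return hmac.compare_digest(make_code_challenge(code_verifier), code_challenge)


def build_authorize_url(code_challenge: str, state: str,
                        client_id: str = CLIENT_ID,
                        redirect_uri: str = REDIRECT_URI,
                        domain: str = IDAAS_DOMAIN) -> str:
    """Assemble the GET /api/v1/oauth2/authorize request. urlencode()
    percent-encodes redirect_uri, which the parameter table requires."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": "get_user_info",
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"https://{domain}/api/v1/oauth2/authorize?" + urlencode(params)


if __name__ == "__main__":
    # The client keeps code_verifier and state in the user's session; only
    # code_challenge and state leave the client in the authorize request.
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(challenge, state))
```

The state value is generated per request with `secrets.token_urlsafe` rather than a fixed number like the example's 15924362, because the CSRF protection described in the state row only works if the value is unpredictable and tied to the session.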
# Return Example
Correct return example:
```
HTTP Status: 302 REDIRECT
http://oauthdemo.bccastle.com/demo/index.jsp?code=stRWlW&state=15924362
```
Missing client_id parameter:
```
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "Missing client_id"
}
```
Incorrect client_id parameter:
```
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "client_id parameter is error"
}
```
Incorrect response_type parameter name or value:
```
HTTP Status: 400 BAD REQUEST
{
  "error": "unsupported_response_type",
  "error_description": "Unsupported response types: [xxx]"
}
```
Incorrect redirect_uri parameter:
```
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "Invalid redirect: https://www.baidu.com does not match one of the registered values."
}
```
Incorrect scope parameter:
```
HTTP Status: 302
{redirect_uri}?error=invalid_scope&error_description=Invalid scope: xxx&state=123456
```
Missing code_challenge parameter:
```
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "Miss code_challenge"
}
```
Incorrect code_challenge_method parameter:
```
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "Unsupported code_challenge_method: xxx"
}
```
# Return Parameters
If the user logs in successfully and grants authorization, the browser is redirected to the registered callback address with the authorization code and the original state value appended to the redirect_uri as query parameters.
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| code | Authorization Code | Required | stRWlW | The authorization code returned by the authorization server to the application after the user logs in and grants authorization. Note: This code is valid for 5 minutes and can only be used once within the validity period. |
| state | Client-side State Code | Optional | 15924362 | The state value supplied by the client. Used by the third-party application to prevent CSRF attacks; it is returned unchanged in the callback after successful authorization. |
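The following is an added example, not code from the Zhuyun IDaaS documentation, of the callback-side handling the two tables above call for: the application keeps the state it issued bound to the user's session together with the code_verifier, and on the redirect it rejects an error response, rejects a state that does not match that session (the CSRF check), and releases the code only once, so that a replayed callback cannot reuse it. The in-memory store, the session identifier and the sample callback URLs are constructed for illustration; the example callback reuses the values from the page's own return example.

```python
import hmac
import time
from urllib.parse import urlparse, parse_qs

CODE_LIFETIME_SECONDS = 5 * 60  # the page states the code is valid for 5 minutes


class PendingAuthorizations:
    """Binds each issued state to the browser session that started the
    authorize request. Constructed in-memory store; a real application would
    keep this in its server-side session storage."""

    def __init__(self):
        self._pending = {}  # session_id -> (state, code_verifier, issued_at)

    def register(self, session_id: str, state: str, code_verifier: str) -> None:
        self._pending[session_id] = (state, code_verifier, time.time())

    def consume(self, session_id: str, returned_state: str) -> str:
        """Return the code_verifier for this session if the returned state
        matches; the entry is removed so the same callback cannot be replayed."""
        entry = self._pending.get(session_id)
        if entry is None:
            raise PermissionError("no authorization request pending for this session")
        expected_state, code_verifier, issued_at = entry
        if not hmac.compare_digest(returned_state, expected_state):
            raise PermissionError("state does not match this session: possible CSRF")
        # One-time use: drop the binding before handing the verifier back.
        del self._pending[session_id]
        if time.time() - issued_at > CODE_LIFETIME_SECONDS:
            raise TimeoutError("authorization request is older than the code lifetime")
        return code_verifier


def handle_callback(callback_url: str, session_id: str,
                    store: PendingAuthorizations) -> dict:
    """Parse the redirect the browser arrived with and validate it.
    Returns the code and the matching code_verifier, ready for the token
    request; raises on an error response, missing fields or state mismatch."""
    query = parse_qs(urlparse(callback_url).query)

    # Error form from the return examples, e.g. ?error=invalid_scope&...
    if "error" in query:
        description = query.get("error_description", [""])[0]
        raise PermissionError(f"{query['error'][0]}: {description}")

    state = query.get("state", [None])[0]
    code = query.get("code", [None])[0]
    if state is None or code is None:
        raise ValueError("callback is missing code or state")

    code_verifier = store.consume(session_id, state)
    return {"code": code, "code_verifier": code_verifier}


if __name__ == "__main__":
    store = PendingAuthorizations()
    store.register("sess-1", "15924362", "example-verifier")
    callback = "http://oauthdemo.bccastle.com/demo/index.jsp?code=stRWlW&state=15924362"
    print(handle_callback(callback, "sess-1", store))
```

The code is only released together with the verifier it was issued for, so the token request that follows cannot accidentally pair a code from one login with the verifier of another.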