Obtain Standard Authorization Code
When a user accesses a third-party application, the application sends an authorization login request to Bamboo Cloud IDaaS. After the user authenticates successfully with their username and password, Bamboo Cloud IDaaS redirects the user back to the third-party application, carrying the authorization code in the code parameter.
# Request Description
GET https://{your_domain}/api/v1/oauth2/authorize
# Request Headers
None
# Request Example
GET https://{your_domain}/api/v1/oauth2/authorize?response_type=code&client_id={client_id}&redirect_uri=http://oidcdemo.bccastle.com/demo/index.jsp&scope=openid&state=123456
# Request Parameters
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| response_type | Authorization Type | Required | code | This value must be code. |
| client_id | Application Identifier | Required | RqB2676qA | The client_id assigned to the third-party application after its access application is approved. |
| redirect_uri | Callback Address | Optional | http://oidcdemo.bccastle.com/demo/index.jsp | The callback address after authorization. Must be consistent with the trusted domain registered for the application. Note: The URL needs to be URL-encoded. |
| state | State Code from Application Side | Optional | 15924362 | State value from the client side. Used to prevent CSRF attacks. It will be returned unchanged in the callback after successful authorization. Please verify the binding between the user and the state. |
| scope | Scope | Required | openid | The scope parameter only supports openid. |
# Return Examples
Correct Return Example
HTTP Status: 302 REDIRECT
{redirect_uri}?code=a2WskPcoue0ymFh0B8Q&state=123456
Error Prompt for User Not Authorizing the Application
HTTP Status: 302 REDIRECT
https://{your_domain}/authentication/UnauthorizedUser.html
Missing client_id Parameter
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_request",
"error_description": "Missing client_id"
}
Incorrect client_id Parameter
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_request",
"error_description": "client_id parameter is error"
}
Incorrect response_type Parameter Name or Value
HTTP Status: 400 BAD REQUEST
{
"error": "unsupported_response_type",
"error_description": "Unsupported response types: [xxx]"
}
Incorrect redirect_uri Parameter
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_request",
"error_description": "Invalid redirect: xxxx does not match one of the registered values."
}
Incorrect scope Parameter
HTTP Status: 302
{redirect_uri}?error=invalid_scope&error_description=Invalid scope: xxx&state=123456
# Return Parameters
If the user successfully logs in and authorizes, they will be redirected to the specified callback address, with the Authorization Code and the original state value appended after the redirect_uri address.
| Parameter Name | Chinese Name | Required | Example Value | Description |
|---|---|---|---|---|
| code | Authorization Code | Required | stRWlW | The authorization code returned by the authorization server to the application after the user logs in and authorizes. Note: This code is valid for 5 minutes and can only be used once within its validity period. |
| state | Application-side State Code | Optional | 15924362 | The state value from the client side. Used by third-party applications to prevent CSRF attacks. It will be returned as-is in the callback after successful authorization. |
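
The request and return parameters above, seen from the application side: an added example (not Bamboo Cloud's own code) that builds the authorization request with a URL-encoded redirect_uri and a random per-session state, then validates the callback before accepting the code. The domain idaas.example.com, the session dictionary and both function names are assumptions for illustration; client_id and redirect_uri are the example values from the table.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values: substitute your tenant domain and registered application.
AUTHORIZE_URL = "https://idaas.example.com/api/v1/oauth2/authorize"  # stands in for {your_domain}
CLIENT_ID = "RqB2676qA"  # example value from the request parameter table
REDIRECT_URI = "http://oidcdemo.bccastle.com/demo/index.jsp"


def build_authorize_url(session: dict) -> str:
    """Create a fresh state, bind it to the user's session, return the login URL."""
    state = secrets.token_urlsafe(32)  # unguessable value, new for every login attempt
    session["oauth_state"] = state     # this is the user-to-state binding
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # urlencode() applies the required URL encoding
        "scope": "openid",
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the redirect back from the IDaaS and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    returned = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("state mismatch: possible CSRF, discard the callback")
    if "error" in query:  # e.g. error=invalid_scope arrives as a 302 to redirect_uri
        raise ValueError(f"authorization failed: {query['error'][0]}")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("callback does not carry exactly one code parameter")
    return codes[0]  # exchange promptly: valid for 5 minutes and usable once
```

The state is checked before the error parameter so that an unsolicited callback is rejected without its contents being acted on.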
