Authorization Request Parameters

Overview

Authorization Request Parameters are parameters that may be used in an Authorization Request.

The Authorization Request Parameters should be registered in the OAuth Parameters Registry or agreed upon by the parties in advance.

An OAuth 2.0 Authorization Request is a URI (request_uri) that the OAuth Client constructs by adding the following parameters to the query component of the Authorization_endpoint using the "application/x-www-form-urlencoded" format:

| Parameter | REQUIRED | Defined By | Description |
|---|---|---|---|
| response_type | REQUIRED | OAuth 2.0 | Value MUST be set to the appropriate value based on the Grant Type |
| client_id | REQUIRED | OAuth 2.0 | The client identifier must match the value from OAuth 2.0 Client Registration |
| redirect_uri | OPTIONAL | OAuth 2.0 | The redirect_uri may be registered with the Authorization Server in advance during OAuth 2.0 Client Registration. |
| scope | OPTIONAL | OAuth 2.0 | The "Desired" OAuth Scopes of the Authorization Request Parameters |
| state | RECOMMENDED | OAuth 2.0 | An opaque value used by the OAuth Client to maintain state between the request and callback. The Authorization Server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery nonce. |
| nonce | | OpenID Connect | nonce |
| display | OPTIONAL | OpenID Connect | ASCII RFC 20 string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the Resource Owner. The values are defined. |
| prompt | OPTIONAL | OpenID Connect | Authentication Request as a Space-delimited, case-sensitive list of ASCII string values that specifies whether the Authorization Server prompts the Resource Owner for re-authentication and consent. The values are defined. |
| max_age | OPTIONAL | OpenID Connect | Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. When max_age is used, the ID Token returned MUST include an auth_time Claim Value. |
| ui_locales | OPTIONAL | OpenID Connect | End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 RFC 5646 language tag values, ordered by preference. An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. |
| ui_hint | OPTIONAL | Authentication Request | A helpful text message that should be displayed to the End-User during the authentication process. NOTE: It's not clear what the use case for this is or how internationalization of the string would be performed. |
| claims_locales | OPTIONAL | OpenID Connect | End-User's preferred languages and scripts for Claims being returned, represented as a space-separated list of BCP47 RFC 5646 language tag values, ordered by preference. An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. |
| id_token_hint | OPTIONAL | OpenID Connect | |
| login_hint | OPTIONAL | OpenID Connect | |
| acr_values | OPTIONAL | OpenID Connect | |
| amr_values | OPTIONAL | OpenID Connect | |
| code_challenge | REQUIRED | Proof Key for Code Exchange by OAuth Public Clients | REQUIRED when using Proof Key for Code Exchange by OAuth Public Clients |
| code_challenge_method | OPTIONAL | Proof Key for Code Exchange by OAuth Public Clients | Defaults to "plain" if not present in the request. Code verifier transformation method, "S256" or "plain". |
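
The following is an added example, not code from this wiki or from any OAuth library: a client building the Authorization Request URI with state, nonce and an "S256" code_challenge, then checking the state echoed on the callback. It assumes the Authorization Code grant (response_type "code"); the function names, endpoint, client_id and redirect_uri are hypothetical, constructed values.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def s256_challenge(code_verifier):
    """code_challenge for "S256": BASE64URL(SHA-256(ASCII(code_verifier))), no '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(authorization_endpoint, client_id, redirect_uri, scope):
    """Return (url, session); session holds the values the client keeps for the callback."""
    session = {
        "state": secrets.token_urlsafe(32),          # CSRF binding, checked on callback
        "nonce": secrets.token_urlsafe(32),          # compared with the ID Token nonce Claim
        "code_verifier": secrets.token_urlsafe(64),  # 86 characters, sent only in the token request
    }
    params = {
        "response_type": "code",  # assumption: Authorization Code grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        # Sent explicitly, because an omitted method defaults to "plain".
        "code_challenge_method": "S256",
    }
    # urlencode() produces the application/x-www-form-urlencoded query component.
    sep = "&" if urlsplit(authorization_endpoint).query else "?"
    return authorization_endpoint + sep + urlencode(params), session


def callback_state_ok(callback_url, session):
    """Accept the callback only if it carries exactly one state equal to the stored one."""
    returned = parse_qs(urlsplit(callback_url).query).get("state", [])
    return len(returned) == 1 and hmac.compare_digest(
        returned[0].encode("utf-8"), session["state"].encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, not a real deployment.
    url, sess = build_authorization_request(
        "https://as.example.test/authorize", "client-123",
        "https://client.example.test/cb", "openid profile")
    print(url)
    print(callback_state_ok("https://client.example.test/cb?code=x&state=" + sess["state"], sess))
```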
