Overview#
Authorization Request Parameters are parameters that may be used in an Authorization Request. The Authorization Request Parameters should be registered in the OAuth Parameters Registry or agreed upon by the parties in advance.
An OAuth 2.0 Authorization Request is a URI (request_uri) constructed by the OAuth Client by adding the following parameters to the query component of the Authorization_endpoint, using the "application/x-www-form-urlencoded" format:
Parameter | Requirement | Defined By | Description |
---|---|---|---|
response_type | REQUIRED | OAuth 2.0 | Value MUST be set to the appropriate value for the Grant Type in use. |
client_id | REQUIRED | OAuth 2.0 | The client identifier; MUST match the value issued during OAuth 2.0 Client Registration. |
redirect_uri | OPTIONAL | OAuth 2.0 | The redirect_uri may be registered with the Authorization Server in advance during OAuth 2.0 Client Registration. |
scope | OPTIONAL | OAuth 2.0 | The "desired" OAuth Scopes of the Authorization Request. |
state | RECOMMENDED | OAuth 2.0 | An opaque value used by the OAuth Client to maintain state between the request and callback. The Authorization Server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery. |
nonce | | OpenID Connect | |
display | OPTIONAL | OpenID Connect | ASCII (RFC 20) string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the Resource Owner. The values are defined by OpenID Connect. |
prompt | OPTIONAL | OpenID Connect | Space-delimited, case-sensitive list of ASCII string values that specifies whether the Authorization Server prompts the Resource Owner for re-authentication and consent. The values are defined by OpenID Connect. |
max_age | OPTIONAL | OpenID Connect | Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. When max_age is used, the ID Token returned MUST include an auth_time Claim Value. |
ui_locales | OPTIONAL | OpenID Connect | End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 RFC 5646 language tag values, ordered by preference. An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. |
ui_hint | OPTIONAL | Authentication Request | A helpful text message that should be displayed to the End-User during the authentication process. NOTE: It's not clear what the use case for this is or how internationalization of the string would be performed. |
claims_locales | OPTIONAL | OpenID Connect | End-User's preferred languages and scripts for Claims being returned, represented as a space-separated list of BCP47 RFC 5646 language tag values, ordered by preference. An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. |
id_token_hint | OPTIONAL | OpenID Connect | |
login_hint | OPTIONAL | OpenID Connect | |
acr_values | OPTIONAL | OpenID Connect | |
amr_values | OPTIONAL | OpenID Connect | |
code_challenge | REQUIRED | Proof Key for Code Exchange by OAuth Public Clients | REQUIRED when using Proof Key for Code Exchange by OAuth Public Clients. |
code_challenge_method | OPTIONAL | Proof Key for Code Exchange by OAuth Public Clients | Code verifier transformation method, "S256" or "plain"; defaults to "plain" if not present in the request. |
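As an added example (not code from the original page), the following Python builds an Authorization Request URI from the parameters above, derives the PKCE "S256" code_challenge from a code_verifier, and checks the state value on the redirect back to the client. The endpoint, client_id and redirect_uri values are assumed sample values.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


def new_code_verifier() -> str:
    """PKCE code_verifier: 43 URL-safe characters from 32 random bytes."""
    return secrets.token_urlsafe(32)


def make_code_challenge(code_verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(authorization_endpoint: str, client_id: str,
                                redirect_uri: str, scope: str, state: str,
                                nonce: str, code_verifier: str) -> str:
    """Append the parameters to the query component as application/x-www-form-urlencoded."""
    params = {
        "response_type": "code",            # Authorization Code grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,                     # space-separated scopes become '+' when encoded
        "state": state,                     # opaque, unguessable; bound to this user session
        "nonce": nonce,                     # OpenID Connect: echoed in the ID Token
        "code_challenge": make_code_challenge(code_verifier),
        "code_challenge_method": "S256",    # never rely on the "plain" default
    }
    return authorization_endpoint + "?" + urlencode(params)


def check_callback(callback_url: str, expected_state: str) -> str:
    """Reject the redirect unless state matches what this client sent; return the code."""
    query = parse_qs(urlsplit(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible cross-site request forgery")
    if "code" not in query:
        raise ValueError("authorization response carries no code")
    return query["code"][0]


if __name__ == "__main__":
    # Constructed sample values (assumed, not from any real deployment).
    state, nonce, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(16), new_code_verifier()
    print(build_authorization_request("https://as.example/authorize", "s6BhdRkqt3",
                                      "https://client.example/cb", "openid profile",
                                      state, nonce, verifier))
```

The client must keep state and code_verifier in the user's session so that check_callback and the later token request can use them.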