!!! Overview
[{$pagename}] ([OAuth 2.0]) is sent by the [OAuth Client] to the [Authorization Server] (specifically the [Authorization_endpoint]) to obtain an [Authorization Grant].

The [OAuth 2.0] and [OpenID Connect] specifications define several [Grant Types], and other [Grant Types] have been or may be defined.

We show the [Authorization Code Grant] for [OpenID Connect] in most of our examples.

!! [OpenID Connect]
[OpenID Connect] defines the following [{$pagename}] parameters to enable [{$pagename}] to be signed and optionally encrypted:
* request - __OPTIONAL__ - This parameter enables [OpenID Connect] requests to be passed in a single, self-contained parameter and to be optionally signed and/or encrypted. The parameter value is a [Request Object] value, as specified in Section 6.1. It represents the request as a [JWT] whose Claims are the [{$pagename}] parameters.
* [request_uri] - __OPTIONAL__ - This parameter enables [OpenID Connect] requests to be passed [by-reference], rather than [by-value]. The [request_uri] value is a [URL] using the https scheme referencing a resource containing a [{$pagename}] Object value, which is a [JWT] containing the request parameters.

Requests using these parameters are represented as [JWT]s, which are respectively passed [by-value] or passed [by-reference]. The ability to pass requests [by-reference] is particularly useful for large requests. If one of these parameters is used, the other __MUST NOT__ be used in the same request.

!! [Authorization Request Parameters]
The [Authorization Request Parameters] should be registered in the [OAuth Parameters Registry] or agreed upon by the parties in advance.

Typically, the following are required:
* [response_type]
* [client_id]
* [redirect_uri]
* [scope|OAuth Scopes]
* [state|OAuth state parameter]

!! How the [{$pagename}] is Used
The [OAuth Client] directs the [Resource Owner] to the constructed [{$pagename}] URI using an HTTPS redirection response, or by other means available to it via the [user-agent].

For [example], the [OAuth Client] directs the [user-agent] to make the following HTTP request using [TLS]:
%%prettify
{{{
https://server.example.com/authorize?
    response_type=code
    &client_id=s6BhdRkqt3
    &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
    &scope=openid%20profile
    &state=af0ifjsldkj
}}}
/%

The [Authorization Server] validates the [{$pagename}] to ensure that all required parameters are present and valid.

If the [{$pagename}] is valid, the [Authorization Server] [authenticates] the [Resource Owner] and obtains an authorization decision (by asking the [Resource Owner] or by establishing approval via other means).

If a successful decision is established, the [Authorization Server] directs the [user-agent] to the [Redirect_uri] provided by the [OAuth Client] using an [HTTP] [Redirection] response, or by other means available to it via the [user-agent], providing the [Authorization Grant] to the [OAuth Client].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [RFC 6749|https://tools.ietf.org/html/rfc6749|target='_blank'] - based on data observed:2015-05-18