Skip to content

Implicit Grant Authorization

When the front end initiates application single sign-on authentication, it assembles the authentication request URL using the obtained client_id parameter and initiates access.

Request Description

http
GET https://{your_domain}/api/v1/oauth2/authorize

Request Parameters

ParameterNameRequiredExampleDescription
response_typeAuthorization typeRequiredtokenFixed value: token
client_idApplication identifierRequiredRqB2HiHC9N676qAclientid assigned to the third-party application after access is approved.
redirect_uriCallback addressOptionalhttp://oauthdemo.bccastle.com
/demo/index.jsp
Callback address after authorization.
Must match the trusted domain filled in when registering the application.
Note that the URL needs to be URL-encoded.
stateState codeOptional15924362Client-side state value. Used to prevent CSRF attacks.
It will be returned unchanged in the callback after successful authorization.
Please check the binding between the user and the state.
scopeScopeOptionalget_user_infoFixed value: get_user_info

Request Example

https://{your_domain}/api/v1/oauth2/authorize?response_type=token&client_id={client_id}&redirect_uri=http://oauthdemo.bccastle.com/demo/index.jsp&state=15924362

Response Example

Success response example

http
HTTP Status: 302 REDIRECT
http://oauthdemo.bccastle.com/demo/index.jsp/#access_token=NObiIMkOvBgHIo8&token_type=Bearer&expires_in=6285&scope=get_user_info&state=15924362

Missing client_id parameter

json
HTTP Status: 400 BAD REQUEST 
{
    "error": "invalid_request",
    "error_description": "Missing client_id"
}

Incorrect client_id parameter

json
HTTP Status: 400 BAD REQUEST 
{
    "error": "invalid_request",
    "error_description": "client_id parameter is error"
}

response_type parameter name or value error

json
HTTP Status: 400 BAD REQUEST 
{
    "error": "unsupported_response_type",
    "error_description": "Unsupported response types: [xxx]"
}

Incorrect redirect_uri parameter

json
HTTP Status: 400 BAD REQUEST
{ 
    "error": "invalid_request",
    "error_description": "Invalid redirect: https://www.baidu.com does not match one of the registered values."
}

Incorrect scope parameter

json
HTTP Status: 302 
{redirect_uri}?error=invalid_scope&error_description=Invalid scope: xxx&state=123456

Response Parameters

If the user logs in and authorizes successfully, the browser will redirect to the specified callback address, appending the Authorization Code and the original state value to the redirect_uri.

ParameterNameRequiredExampleDescription
access_tokenAuthorization tokenRequiredNObiKQS-cn8AWnZyIMkOvBgHIo8Returned as a URL fragment, not a query parameter.
token_typeToken typeRequiredBearerFixed: Bearer
expires_inAccess token validity periodRequired7199Validity period of the access ticket returned by the authorization server. Note: the validity period is in seconds.
scopeAuthorization scopeRequiredget_user_infoFixed: get_user_info
stateApplication state codeOptional15924362Client-side state value. Used by third-party applications to prevent CSRF attacks; returned unchanged in the callback after successful authorization.

Next step: Get User Info

BambooCloud IDaaS Open Platform