Skip to content

Get Authorization Code

When the user accesses the third-party application, the third-party application initiates an authorization login request to BambooCloud IDaaS. After the user enters username and password and is authenticated, BambooCloud IDaaS redirects to the third-party application with the authorization code parameter.

Request Description

http
GET https://{your_domain}/api/v1/oauth2/authorize

Request Headers

None

Request Example

http
GET https://{your_domain}/api/v1/oauth2/authorize?response_type=code&client_id={client_id}&redirect_uri=<br>http://oidcdemo.bccastle.com/demo/index.jsp&scope=openid&state=123456

Request Parameters

ParameterNameRequiredExampleDescription
response_typeAuthorization typeRequiredcodeFixed value: code
client_idApplication identifierRequiredRqB2676qAclientid assigned to the third-party application after access is approved.
redirect_uriCallback addressOptionalhttp://oidcdemo.bccastle.com
/demo/index.jsp
Callback address after authorization.
Must match the trusted domain filled in when registering the application.
Note that the URL needs to be URL-encoded.
stateApplication state codeOptional15924362Client-side state value. Used to prevent CSRF attacks.
It will be returned unchanged in the callback after successful authorization.
Please check the binding between the user and the state.
scopeScopeRequiredopenidThe scope parameter only supports openid

Response Example

Success response example

json
HTTP Status: 302 REDIRECT
{redirect_uri}?code=a2WskPcoue0ymFh0B8Q&state=123456

User has not authorized the application

json
HTTP Status: 302 REDIRECT
https://{your_domain}/authentication/UnauthorizedUser.html

Missing client_id parameter

json
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "Missing client_id"
}

Incorrect client_id parameter

json
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "client_id parameter is error"
}

response_type parameter name or value error

json
HTTP Status: 400 BAD REQUEST
{
  "error": "unsupported_response_type",
  "error_description": "Unsupported response types: [xxx]"
}

Incorrect redirect_uri parameter

json
HTTP Status: 400 BAD REQUEST
{
  "error": "invalid_request",
  "error_description": "Invalid redirect: xxxx does not match one of the registered values."
}

Incorrect scope parameter

json
HTTP Status: 302
{redirect_uri}?error=invalid_scope&error_description=Invalid scope: xxx&state=123456

Response Parameters

If the user logs in and authorizes successfully, the browser will redirect to the specified callback address, appending the Authorization Code and the original state value to the redirect_uri.

ParameterNameRequiredExampleDescription
codeAuthorization codeRequiredstRWlWAuthorization code returned by the authorization server to the application after the user logs in and authorizes.
Note: this code is valid for 5 minutes and can only be used once within the validity period.
stateApplication state codeOptional15924362Client-side state value. Used by third-party applications to prevent CSRF attacks; returned unchanged in the callback after successful authorization.

BambooCloud IDaaS Open Platform