Get Authorization Code
When the user accesses the third-party application, the third-party application initiates an authorization login request to BambooCloud IDaaS. After the user enters username and password and is authenticated, BambooCloud IDaaS redirects to the third-party application with the authorization code parameter.
Request Description
http
GET https://{your_domain}/api/v1/oauth2/authorizeRequest Headers
None
Request Example
http
GET https://{your_domain}/api/v1/oauth2/authorize?response_type=code&client_id={client_id}&redirect_uri=<br>http://oidcdemo.bccastle.com/demo/index.jsp&scope=openid&state=123456Request Parameters
| Parameter | Name | Required | Example | Description |
|---|---|---|---|---|
| response_type | Authorization type | Required | code | Fixed value: code |
| client_id | Application identifier | Required | RqB2676qA | clientid assigned to the third-party application after access is approved. |
| redirect_uri | Callback address | Optional | http://oidcdemo.bccastle.com /demo/index.jsp | Callback address after authorization. Must match the trusted domain filled in when registering the application. Note that the URL needs to be URL-encoded. |
| state | Application state code | Optional | 15924362 | Client-side state value. Used to prevent CSRF attacks. It will be returned unchanged in the callback after successful authorization. Please check the binding between the user and the state. |
| scope | Scope | Required | openid | The scope parameter only supports openid |
Response Example
Success response example
json
HTTP Status: 302 REDIRECT
{redirect_uri}?code=a2WskPcoue0ymFh0B8Q&state=123456User has not authorized the application
json
HTTP Status: 302 REDIRECT
https://{your_domain}/authentication/UnauthorizedUser.htmlMissing client_id parameter
json
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_request",
"error_description": "Missing client_id"
}Incorrect client_id parameter
json
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_request",
"error_description": "client_id parameter is error"
}response_type parameter name or value error
json
HTTP Status: 400 BAD REQUEST
{
"error": "unsupported_response_type",
"error_description": "Unsupported response types: [xxx]"
}Incorrect redirect_uri parameter
json
HTTP Status: 400 BAD REQUEST
{
"error": "invalid_request",
"error_description": "Invalid redirect: xxxx does not match one of the registered values."
}Incorrect scope parameter
json
HTTP Status: 302
{redirect_uri}?error=invalid_scope&error_description=Invalid scope: xxx&state=123456Response Parameters
If the user logs in and authorizes successfully, the browser will redirect to the specified callback address, appending the Authorization Code and the original state value to the redirect_uri.
| Parameter | Name | Required | Example | Description |
|---|---|---|---|---|
| code | Authorization code | Required | stRWlW | Authorization code returned by the authorization server to the application after the user logs in and authorizes. Note: this code is valid for 5 minutes and can only be used once within the validity period. |
| state | Application state code | Optional | 15924362 | Client-side state value. Used by third-party applications to prevent CSRF attacks; returned unchanged in the callback after successful authorization. |