Hosted Login authorization request reference

Create authorization requests optimized for use on your website or in your app. Authorization requests are used to authenticate and authorize Hosted Login users.

Authorization request reference

  • Supported authorization grant types
    The different ways you can request authentication and authorization in Hosted Login.

  • The Authorization code + PKCE grant type
    The most commonly used grant type. Enables you to authenticate a user without having to pass a client secret.

  • The authorization code for web apps grant type
    Because this grant type requires you to pass a client secret, it’s recommended for use only on secure connections.

  • Supported response types
    Specifies the item (or items) you’d like returned from an authorization server. You can request an authorization code, an access token, an identity token, or various combinations of those items.

  • Supported response modes
    Specifies how you want items returned from the authorization server. Hosted Login supports the fragment, query, and form_post response modes.

  • Secure audience injection and the resource parameter
    Use the resource parameter to place restrictions on where access tokens can be used.

  • Push claims
    Provides a way to automatically include specified scopes and claims in each authorization request without having to use either the scopes parameter or the claims parameter.

  • Optional authorization request parameters
    Optional parameters that can (and often should) be used in your Hosted Login authorization requests.

  • Return standard and custom claims
    Retrieving claims following a successful authentication. A claim is a discrete piece of user profile information. For example, a user’s birthday is a claim, a user’s cell phone number is a claim, and the organization a user works for is (or at least can be) a claim.
