Authorize URL
As we explain in Understand OAuth2, the first step to authenticate your users is to redirect them to the Fief authentication page.
This is done by redirecting them to the /authorize route of your tenant, with some specific parameters. Here is the full set of accepted parameters for the authorize URL. Most of them come from the OAuth2 and OpenID specifications, but Fief also defines some of its own.
Parameter name | Description | Allowed values | Required |
---|---|---|---|
response_type | Denotes the kind of credential that will be returned after redirection. Official clients always use code. | code, code id_token, code token, code id_token token | ✅ |
client_id | Your Client ID. | | ✅ |
redirect_uri | The URL where the user will be redirected after authentication. | Must be allowed on your Client. | ✅ |
scope | Space-separated list of scopes to ask for. Must contain at least openid. | openid, offline_access | ✅ |
state | Optional value to keep track of the authentication process in your app. | | |
prompt | Optional value to force or hide the authentication page prompt. If the user already has a session on Fief's side and has already granted consent to this Client, they will be automatically redirected to your application without any prompt. You can disable this by setting this parameter to login, to force the user to authenticate again, or to consent, to force the user to give their consent again. | none, login, consent | |
screen | By default, the user will be redirected to a login page. You can force Fief to redirect to a registration page with this parameter. | login, register | |
login_hint | Optional parameter to either prefill the user email or put forward one of the OAuth Providers. | Valid email address or ID of an OAuth Provider enabled on your tenant. | |
acr_values | Optional space-separated list of ACR levels the server should require from the user. | 0, 1 | |
lang | Optional parameter to set the user locale on the authentication pages. | Valid RFC 3066 language identifier, like fr or pt-PT. | |
code_challenge | Optional code challenge value for PKCE. | | For public Clients |
code_challenge_method | Method used to hash the code verifier for PKCE. | plain, S256 | For public Clients |
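
The following Python example is added here and is not code from Fief or its official clients. It assembles an authorize URL from the parameters in the table, using a random state and a PKCE S256 challenge, and checks the state echoed back on the redirect_uri callback. The function names, the tenant base URL and the Client ID passed to them are assumptions, and treating state as an unguessable per-request value is standard OAuth2 practice rather than something this page requires.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Allowed values copied from the parameter table above.
ALLOWED_PROMPT = {"none", "login", "consent"}
ALLOWED_SCREEN = {"login", "register"}


def s256_challenge(code_verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), unpadded (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(base_url, client_id, redirect_uri,
                        scope=("openid",), prompt=None, screen=None):
    """Return (url, state, code_verifier); keep the last two in the session."""
    if "openid" not in scope:
        raise ValueError("scope must contain at least openid")
    if prompt is not None and prompt not in ALLOWED_PROMPT:
        raise ValueError(f"invalid prompt: {prompt!r}")
    if screen is not None and screen not in ALLOWED_SCREEN:
        raise ValueError(f"invalid screen: {screen!r}")
    state = secrets.token_urlsafe(32)          # unguessable per-request value
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within 43-128
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scope),
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    if prompt:
        params["prompt"] = prompt
    if screen:
        params["screen"] = screen
    url = f"{base_url.rstrip('/')}/authorize?{urlencode(params)}"
    return url, state, code_verifier


def state_matches(expected_state, callback_url):
    """Compare the state echoed on the redirect_uri callback in constant time."""
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return secrets.compare_digest(expected_state.encode(), returned.encode())
```

Store the returned state and code_verifier server-side (or in the client's session storage for a public Client) before redirecting; the code_verifier is sent later when exchanging the authorization code for tokens.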