Authorize URL

As we explain in Understand OAuth2, the first step to authenticate your users is to redirect them to the Fief authentication page.

This is done by redirecting them to the /authorize route of your tenant, with some specific parameters. Here is the full set of accepted parameters for the authorize URL. Most of them come from the OAuth2 and OpenID specifications, but Fief also defines some of its own.

| Parameter name | Description | Allowed values | Required |
| --- | --- | --- | --- |
| response_type | Denotes the kind of credential that will be returned after redirection. Official clients always use code. | code, code id_token, code token, code id_token token | |
| client_id | Your Client ID. | | |
| redirect_uri | The URL where the user will be redirected after authentication. Must be allowed on your Client. | | |
| scope | Space-separated list of scopes to ask for. Must contain at least openid. | openid, offline_access | |
| state | Optional value to keep track of the authentication process in your app. | | |
| prompt | Optional value to force or hide the authentication page prompt. If the user already has a session on Fief's side and has already consented access to this Client, they will be automatically redirected to your application without any prompt. You can disable this by setting this parameter to login to force the user to authenticate again, or to consent to force the user to give their consent again. | none, login, consent | |
| screen | By default, the user will be redirected to a login page. You can force Fief to redirect to a registration page with this parameter. | login, register | |
| login_hint | Optional parameter to either prefill the user email or put forward one of the OAuth Providers. | Valid email address or ID of an OAuth Provider enabled on your tenant. | |
| acr_values | Optional space-separated list of ACR levels the server should require from the user. | 0, 1 | |
| lang | Optional parameter to set the user locale on the authentication pages. | Valid RFC 3066 language identifier, like fr or pt-PT. | |
| code_challenge | Optional code challenge value for PKCE. | | For public Clients |
| code_challenge_method | Method used to hash the code verifier for PKCE. | plain, S256 | For public Clients |