Authorization Request Parameters

The following parameters are included in an authorization request:

| Parameter Name | Description | Required? |
|---|---|---|
| client_id | The unique ID of the client application. This is assigned by CONNECT when the application is created. For now, the client_id is provided by the administrator. | required |
| response_type | It must include the word id_token for OpenID Connect sign-in or sign-up. In addition, it can also include the word code for OAuth2 token requests or token (id_token+code). | required |
| scope | A space-separated list of scopes. It must include the openid scope, which translates to the "Sign you in" permission in the consent UI. Other scopes can also be included in this consent request. | required |
| nonce | Random string generated by the client application that is included back in the id_token as a claim. The client application verifies that the nonce in the id_token is the same as the one sent in the request, to prevent id_token replay attacks. | required |
| redirect_uri | URL-encoded string of the URL where CONNECT redirects authentication responses (the id_token). Before use, the redirect URLs are configured in CONNECT as authorized origins for this client application. | required |
| state | Random string generated by the client application that is returned in the response along with the id_token. It is used to prevent cross-site request forgery attacks. It can also be used to encode information about the state of the user in the client application before the start of the authentication request (such as the page or view they were on) to continue from the point they left off. | optional |
| prompt | Indicates the type of user interaction required. The following values are supported: "none": the user will not face a login prompt. The response may still include an id_token in the event that an authenticated session between the user (browser) and CONNECT already exists. When omitted, a login prompt is displayed for users where no authenticated session with CONNECT exists. No login prompt is displayed for users that already have an authenticated session with CONNECT (e.g. because of prior authentication via another client application). | optional |
| action | The possible values are login (default) or register. It is used by CONNECT to display either the login or the registration form as the default UI when the user initially interacts with the CONNECT UI. | optional |
| ui_locales | When included, the language of the login/registration form is set according to the value of ui_locales, if this language is supported. | optional |
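
The following Python example is added here and is not CONNECT's own code: it builds an authorization request from the parameters above and checks state and nonce on the response. The endpoint URL and the sample token are constructed placeholders, and the id_token signature is assumed to be verified separately before the nonce check is trusted.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode

# Assumption: placeholder URL; use the authorization endpoint given by your CONNECT administrator.
AUTHORIZE_ENDPOINT = "https://connect.example.invalid/authorize"

def build_authorization_request(client_id, redirect_uri, extra_scopes=(),
                                prompt=None, action=None, ui_locales=None):
    """Return (url, pending); keep `pending` in the user's session until the response arrives."""
    pending = {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32)}
    params = {
        "client_id": client_id,
        "response_type": "id_token",
        "scope": " ".join(("openid", *extra_scopes)),  # openid is mandatory
        "nonce": pending["nonce"],
        "redirect_uri": redirect_uri,  # urlencode() applies the URL encoding
        "state": pending["state"],
    }
    # Optional parameters are sent only when the caller sets them.
    for name, value in (("prompt", prompt), ("action", action), ("ui_locales", ui_locales)):
        if value is not None:
            params[name] = value
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), pending

def _claims(id_token):
    """Decode the JWT payload only; this does NOT verify the signature."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_response(pending, returned_state, id_token):
    """Reject the response unless state and nonce match what this session sent."""
    state = (returned_state or "").encode()
    if not hmac.compare_digest(state, pending["state"].encode()):
        raise ValueError("state mismatch: possible cross-site request forgery")
    claims = _claims(id_token)
    nonce = str(claims.get("nonce", "")).encode()
    if not hmac.compare_digest(nonce, pending["nonce"].encode()):
        raise ValueError("nonce mismatch: possible id_token replay")
    return claims

def make_constructed_token(nonce):
    """Constructed sample id_token with a placeholder signature, for demonstration only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join((enc({"alg": "RS256"}), enc({"sub": "user-1", "nonce": nonce}), "sig"))
```
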