Authorization Code Grant

Applies to ReadyAPI 3.51, last modified on March 21, 2024

The OpenID Connect ID Token is retrieved in almost the same way as an OAuth 2.0 access token when you use Implicit and Authorization Code grants.

When the Authorization Code grant connect flow is used, the resource owner first provides access, then an authorization code is sent to the client through browser redirect. The client then uses it to get an access token. Optionally, a refresh token is also sent.

OAuth 2.0: Authorization Code Grant
OAuth 2.0 Azure: Authorization Code Grant
Option Description
OpenID Connect Flow The OpenID Connect method to use.
Client Identification An alphanumeric string used to identify the client.
Client Secret The secret string the client will use.
Response Mode (For Azure only) Specifies how the authorization server sends the access token. Available options:
  • not defined - The authorization server will define which method to use.

  • form_post - The token will be sent as HTML form by using the POST method.

  • query - The token will be added to the query as a parameter.

State (For Azure only) The value included in the request that is also added to the token response. Usually it is used to provide a randomly generated string to prevent a cross-site request forgery attack.
Resource (For Azure only) The App ID URI of the web service.
Prompt (For Azure only) Specifies if the authentication server prompts the user to log in or consent even if they are logged in. Possible values:
  • not defined - The server will not prompt a user to log in.

  • login - The server asks to login again.

  • consent - The server asks user to consent.

  • admin-consent - The server asks prompts for the administrator consent.

Login Hint (For Azure only) The string displayed as a login hint in the sign-in form.
Domain Hint (For Azure only) Specifies the domain the user should use to sign in.
Authorization URL The authorization server URL.
Access Token URL The URL to get an access token from.
Redirect URL The URL you will be redirected to after successful authorization.
Scope The full scope string defining the requested permissions.
Use Authorization Header Select to send client credentials in the request header. Otherwise, the credentials are sent in the request body.
Get OpenID Token Click this button to retrieve the OpenID Connect token.
Automation Opens the Automated Token Profile editor.

See Also

Implicit Grant
OpenID Connect

Highlight search results