3.2.5.1.1 GET
This method is transported by an HTTP GET.
The method can be invoked through the following URI:
-
/authorize?response_type={response_type}&client_id={client_id}&redirect_uri={redirect_uri}&scope={scope}&state={state}&resource={resource}&resource_params={resource_p arams}&client-request-id={ClientRequestId}&login_hint={login_hint}&domain_hint={domain_hint}&nonce={nonce}&prompt={prompt}&max_age={max_age}&id_token_hint={id_token_hint}&amr_values={amr_values}&mfa_max_age={mfa_max_age}
The format of the authorization request is specified in [RFC6749] section 4.1.1 (Authorization Request). The OAuth 2.0 client MUST specify the query parameters marked as REQUIRED in [RFC6749] section 4.1.1.
In addition to the query parameters marked as REQUIRED in [RFC6749] section 4.1.1, the OAuth 2.0 client uses the following query parameters, which are defined in section 2.2.2 of this document.
resource: OPTIONAL. The client MAY indicate the resource for which it requires authorization from the AD FS server using the resource parameter.
resource_params: OPTIONAL. The client can choose to specify this optional query parameter to specify a set of parameters corresponding to the resource secured by the AD FS server for which it requires authorization.
client-request-id: OPTIONAL. The client can choose to specify this optional query parameter to specify a request ID which is used when logging errors or failures that occur while processing the request.
login_hint: OPTIONAL. The client can choose to specify this optional query parameter to provide a hint to the AD FS server about the login identifier the end user might use to log in.
domain_hint: OPTIONAL. The client can choose to specify this optional query parameter to provide a hint to the AD FS server about the backend authentication service the end user can log in to.
nonce: OPTIONAL. The client can choose to specify this optional query parameter. It is used in the same way as the nonce parameter defined in [OIDCCore] section 3.1.2.1.
prompt: OPTIONAL. The client can choose to specify this optional query parameter. It is used in the same way as the prompt parameter defined in [OIDCCore] section 3.1.2.1.
-
Note: Support for the prompt parameter depends on the AD FS server's ad_fs_behavior_level and the product version. See section 2.2.2 for support information.
max_age: OPTIONAL. The client can choose to specify this optional query parameter. It is used in the same way as the max_age parameter defined in [OIDCCore] section 3.1.2.1.
id_token_hint: OPTIONAL. The client can choose to specify this optional query parameter. It is used in the same way as the id_token_hint parameter defined in [OIDCCore] section 3.1.2.1.
amr_values: OPTIONAL. The client can choose to specify this optional query parameter to request that a particular authentication method be used to authenticate the user.
mfa_max_age: OPTIONAL. The client can choose to include this optional query parameter to specify the allowable elapsed time since the last time the user performed multiple factor authentication.
The request message for this method can contain the following optional HTTP headers. The header syntax is defined in section 2.2.1.
|
Request header |
Usage |
Value |
|---|---|---|
|
client-request-id |
This optional header is used to specify a request identifier which is used when logging errors or failures that occur while processing the request. If the client chooses to use the client-request-id query parameter, it SHOULD NOT set this HTTP header. |
A request identifier, which MUST be a GUID. |
The response message for this method does not contain any custom HTTP headers.
The response message for this method can result in the status codes defined in [RFC6749] section 4.1.2.