OAuth Parameters

Many of the Akana OAuth operations take standard parameters defined either in the OAuth specification or the OpenID Connect specification (http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest).

Below is some information about these parameters, with links to specific portions of the specifications.

client_id
Unique identifier of the client application.
For OpenID Connect, see http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint.
client_secret
The client secret.
redirect_uri
The redirect URI of the client application where it receives the authorization code.
For OpenID Connect, see http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint.
authorization_endpoint
The URL of the OpenID Connect Provider's OAuth 2.0 Authorization Endpoint.
response_types
A JSON array containing a list of OAuth 2.0 response types supported by this provider.
For a standard definition in the context of OAuth, see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.1.1; for OpenID Connect, see http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint.
scope
In the context of OAuth or OpenID Connect, a scope defines a set of one or more resources that the resource owner is granting access to.
For a standard definition in the context of OAuth, see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.3 (for a description) and http://tools.ietf.org/html/draft-ietf-oauth-v2-31#appendix-A.4 (for syntax information). For OpenID Connect, see http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint.
state
A parameter that the client can use to avoid forgery attacks. The client sends this parameter, with a unique value. When authorization is complete, the client should check that the value returned matches the value sent. It is optional for the client to send this value; however, if the client sends it in the request, it must be returned in the response.
For OAuth, see:
For OpenID Connect, see http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint.
response_mode
In OpenID Connect, response_mode is a value that lets the Authorization Server know what mechanism to use for returning parameters from the Authorization Endpoint.
See http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint.
nonce
A random string that is uniquely generated for each request.
For OpenID Connect, see http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint.

Back to top

Related Topics