GET /oauth/auz/grants/{GrantID}/authcomplete

Supports redirect from the identity provider after the resource owner's login with the identity provider is complete.

Note: There are related operations that render the authorization page:

  • GET /oauth/auz/grants/provider/authcomplete{domainid:(/[^/]+?)?} (this operation) performs the same action using HTTP GET. You can use this if you do not need to maintain a static callback URI. The GrantID is a path parameter.
  • POST /oauth/auz/grants/provider/authcomplete{domainid:(/[^/]+?)?} performs the same action using HTTP POST. You can use this if you do not need to maintain a static callback URI and prefer to use HTTP POST. The GrantID is relayed in form URL-encoded POST content.

Corresponds to the Login Complete operation in the Login API, but relates to the resource owner's authentication with the Authorization Server, for the purposes of an OAuth grant, rather than authentication for the purpose of platform access.

Note: The operations in the Authorization Server Authorization Service are intended for use by the Resource Owner. There are corresponding operations in other services for other scenarios. Where applicable, use the corresponding operations in the OAuth Login service (Login Complete GET and POST).

Authorization Roles/Permissions: Anyone can run this operation.

This topic includes the following sections:

HTTP Method

GET

Back to top

URL

https://{oauth-provider-url}/oauth/auz/grants/{GrantID}/authcomplete

Back to top

Sample Request

The example below shows a call to this operation.

Request URL

https://{oauth-provider-url}/oauth/auz/grants/mehpkurlkhnn/auzcomplete

Sample request headers

GET /oauth/auz/grants/mehpkurlkhnn/auzcomplete HTTP/1.1
Host: {oauth-provider-hostname}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Sample request body

Not applicable.

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept This operation does not validate the Accept header. Any value is accepted. The operation returns html, to support the browser.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
GrantID Path string Required The unique ID for a specific instance of an OAuth grant.

Back to top

Response

If successful, this operation returns HTTP status code 200, with the cookie.

Back to top

Sample Response

The sample response below shows successful completion of this operation. The user is redirected to the application's redirect URL.

Sample response headers

Set-Cookie: AtmoAuthToken_{oauth-provider-hostname}: TokenID%3D480a3a7c-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3Durn%3Aacmepaymentscorp%3Auser%3Aacmepaymentscorp
%3A8fb17266-354a-4032-96fb-2208ae7b4da4%2CissueTime%3D1436207946162%2CexpirationTime%3D1436209746144%2CAttributesIncluded%3Dfalse%2CUser
FDN%3D8fb17266-354a-4032-96fb-2208ae7b4da4%252Eacmepaymentscorp%2CUserName%3Dadminacmepaymentscorp%2Csig%3Dd5YEgxmZQaCgfp64gs0EL1ttry
epO3kWTwu4gO12OxLF6sjpcrojVKUf0X8heu9eoi8WlEd9ZIN7vPNgi6pu-XZ883L-OkD9fYnN4ktbRPwHQ2Phaa1H1bXaCpfgpeI8q6uDjeqX_aw
H70N6-QQKrhF5n9Lm5PYCKciKNWTSWVooauthRedirectInfoCookie: %7B%22accessTokenUrl%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22
%2C%22providerEndpoint%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22%2C%22queryString%22%3A%22session_key%3Dapiv%253D090888
a5-27f8-454e-8319-c7900d1da4bc.acmepaymentscorp%2526scope%253DScope1%2526appRuntimeId%253D5tRKCWjfz599pLJ8Te4tvn1D.acmepaymentscorp
%2526granttype%253Dauthorization_code%2526policy_type%253DOAuth%2525202.0%2526appsecret%253De4d5949f72473acc151b34065f69169099ebe732
%2526appid%253Dacmepaymentscorp-5tRKCWjfz599pLJ8Te4tvn1D%2526token_url%253Dhttp%253A%252F%252F{oauth-provider-hostname}%252Foauth%252Foauth20%252Ftoken%
2526opname%253DGetDiscussions%2526policy_key%253Doauth%2526guid%253Daf880c48-1389-4da4-98e5-2fb29dcca155%2526auz_url%253Dhttp%253A
%252F%252F{hostname}%252Foauth%252Fauz%252Fauthorize%2526callback%253Dhttp%253A%252F%252F{hostname}%252Fui%252Fapps%252Facmepaymentscorp
%252F_VcuNfhlXb0PE8hHDxAx9OhA%252Fresources%252Fconsole%252Fglobal%252Foauthclientredirect.html%253Fdynamic%25253Dtrue
%2526signature_method%253DSharedSecret%2526apienv%253DProduction%2526token_verb%253DPOST%22%7D
OAuthToken_acmepaymentscorp: TokenID%3D57d30fc7-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3DLDAP_acmepaymentscorp%5Ceng100
%2CissueTime%3D1436207972636%2CexpirationTime%3D1436208572626%2Csig%3DlOsIenU6JM-dYquJKhKMdKarQRtef4ALY5Abuls7KV5jaPgWapM1w0Y
thq0I1hJvMJ7xlWj8haU3OvM4b6I3LgGWGvw5_Uws935JKLW57xiti_UC2IvxFDrAIg4xx2k-x-icqUDsWfVGNfjWlun43_uRM667RjGOkh_ZmU2xq0Q

Sample response body

None.

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type Returns text/html response.
OAuthToken_{OAuthProviderName} The OAuth cookie that identifies the logged-in user with the provider. Depending on the operation being used and the context, the authenticated user could be the resource owner, the administrator, the client app administration, or the OAuth Provider. The cookie is returned after logging in with the POST /oauth/login operation.

Back to top

Response Body

There is no response body. The important part of the response is the OAuth authentication cookie.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
500 An error occurred processing the call.

More information about Enterprise API Platform API error messages.

Back to top

Related Topics