GET /oauth/auz/grants/{GrantID}/authcomplete

Supports redirect from the identity provider after the resource owner's login with the identity provider is complete.

The following related operations render the authorization page:

  • GET /oauth/auz/grants/provider/authcomplete{domainid:(/[^/]+?)?} (this operation) performs the same action using HTTP GET. You can use this if you do not need to maintain a static callback URI. The GrantID is a path parameter.
  • POST /oauth/auz/grants/provider/authcomplete{domainid:(/[^/]+?)?} performs the same action using HTTP POST. You can use this if you do not need to maintain a static callback URI and prefer to use HTTP POST. The GrantID is relayed in form URL-encoded POST content.

This operation corresponds to the Login Complete operation in the Login API, but it relates to the resource owner's authentication with the Authorization Server for the purposes of an OAuth grant, rather than authentication for the purpose of platform access.

Note: The operations in the Authorization Server Authorization Service are intended for use by the Resource Owner. There are corresponding operations in other services for other scenarios. Where applicable, use the corresponding operations in the OAuth Login service (Login Complete GET and POST).

Authorization Roles/Permissions: Anyone can run this operation.

HTTP Method

GET

URL

https://{oauth-provider-url}/oauth/auz/grants/{GrantID}/authcomplete

Sample Request

The example below shows a call to this operation.

Sample Request URL

https://{oauth-provider-url}/oauth/auz/grants/mehpkurlkhnn/auzcomplete

Sample request headers

GET /oauth/auz/grants/mehpkurlkhnn/auzcomplete HTTP/1.1
Host: {oauth-provider-hostname}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Sample request body

Not applicable.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

| Header | Description |
|---|---|
| Accept | This operation does not validate the Accept header. Any value is accepted. The operation returns HTML, to support the browser. |

Request Parameters

| Parameter | Parm Type | Data Type | Required | Description |
|---|---|---|---|---|
| GrantID | Path | string | Required | The unique ID for a specific instance of an OAuth grant. |

Response

If successful, this operation returns HTTP status code 200, with the cookie.

Sample Response

The sample response below shows successful completion of this operation. The user is redirected to the application's redirect URL.

Sample response headers

Set-Cookie: AtmoAuthToken_{oauth-provider-hostname}: TokenID%3D480a3a7c-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3Durn%3Aacmepaymentscorp%3Auser%3Aacmepaymentscorp
%3A8fb17266-354a-4032-96fb-2208ae7b4da4%2CissueTime%3D1436207946162%2CexpirationTime%3D1436209746144%2CAttributesIncluded%3Dfalse%2CUser
FDN%3D8fb17266-354a-4032-96fb-2208ae7b4da4%252Eacmepaymentscorp%2CUserName%3Dadminacmepaymentscorp%2Csig%3Dd5YEgxmZQaCgfp64gs0EL1ttry
epO3kWTwu4gO12OxLF6sjpcrojVKUf0X8heu9eoi8WlEd9ZIN7vPNgi6pu-XZ883L-OkD9fYnN4ktbRPwHQ2Phaa1H1bXaCpfgpeI8q6uDjeqX_aw
H70N6-QQKrhF5n9Lm5PYCKciKNWTSWVooauthRedirectInfoCookie: %7B%22accessTokenUrl%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22
%2C%22providerEndpoint%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22%2C%22queryString%22%3A%22session_key%3Dapiv%253D090888
a5-27f8-454e-8319-c7900d1da4bc.acmepaymentscorp%2526scope%253DScope1%2526appRuntimeId%253D5tRKCWjfz599pLJ8Te4tvn1D.acmepaymentscorp
%2526granttype%253Dauthorization_code%2526policy_type%253DOAuth%2525202.0%2526appsecret%253De4d5949f72473acc151b34065f69169099ebe732
%2526appid%253Dacmepaymentscorp-5tRKCWjfz599pLJ8Te4tvn1D%2526token_url%253Dhttp%253A%252F%252F{oauth-provider-hostname}%252Foauth%252Foauth20%252Ftoken%
2526opname%253DGetDiscussions%2526policy_key%253Doauth%2526guid%253Daf880c48-1389-4da4-98e5-2fb29dcca155%2526auz_url%253Dhttp%253A
%252F%252F{hostname}%252Foauth%252Fauz%252Fauthorize%2526callback%253Dhttp%253A%252F%252F{hostname}%252Fui%252Fapps%252Facmepaymentscorp
%252F_VcuNfhlXb0PE8hHDxAx9OhA%252Fresources%252Fconsole%252Fglobal%252Foauthclientredirect.html%253Fdynamic%25253Dtrue
%2526signature_method%253DSharedSecret%2526apienv%253DProduction%2526token_verb%253DPOST%22%7D
OAuthToken_acmepaymentscorp: TokenID%3D57d30fc7-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3DLDAP_acmepaymentscorp%5Ceng100
%2CissueTime%3D1436207972636%2CexpirationTime%3D1436208572626%2Csig%3DlOsIenU6JM-dYquJKhKMdKarQRtef4ALY5Abuls7KV5jaPgWapM1w0Y
thq0I1hJvMJ7xlWj8haU3OvM4b6I3LgGWGvw5_Uws935JKLW57xiti_UC2IvxFDrAIg4xx2k-x-icqUDsWfVGNfjWlun43_uRM667RjGOkh_ZmU2xq0Q

Sample response body

None.

Response Headers

For general information on response header values, refer to HTTP Response Headers.

| Header | Description |
|---|---|
| Content-Type | Returns text/html response. |
| Cookie | OAuthToken_{OAuthProviderName}: The OAuth cookie that identifies the logged-in user with the provider. Depending on the operation being used and the context, the authenticated user could be the resource owner, the administrator, the client app administration, or the OAuth Provider. The cookie is returned after logging in with the POST /oauth/login operation. |

Response Body

There is no response body. The important part of the response is the OAuth authentication cookie.
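The sample response above carries the OAuth cookie as a percent-encoded list of fields. The following added example (not part of the Akana documentation) decodes that value for inspection, checks its validity window, and redacts the signature before the fields are logged. The comma-separated name=value layout and the epoch-millisecond timestamps are assumptions inferred from the sample; the signature is not verified, because the page does not describe how it is computed.

```python
from urllib.parse import unquote

# Constructed input: the OAuthToken cookie value from the sample response,
# with the signature replaced by a placeholder.
SAMPLE_COOKIE_VALUE = (
    "TokenID%3D57d30fc7-240e-11e5-a1b9-8945fbb2b0eb"
    "%2Cclaimed_id%3DLDAP_acmepaymentscorp%5Ceng100"
    "%2CissueTime%3D1436207972636"
    "%2CexpirationTime%3D1436208572626"
    "%2Csig%3DSIG_PLACEHOLDER"
)

REQUIRED = ("TokenID", "claimed_id", "issueTime", "expirationTime", "sig")


def parse_token_cookie(raw):
    """Percent-decode once, then split into fields (layout is an assumption)."""
    fields = {}
    for part in unquote(raw).split(","):
        name, sep, value = part.partition("=")
        if not sep or not name:
            raise ValueError(f"malformed field: {part!r}")
        if name in fields:
            raise ValueError(f"duplicate field: {name}")
        fields[name] = value
    missing = [n for n in REQUIRED if n not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    for n in ("issueTime", "expirationTime"):
        fields[n] = int(fields[n])  # assumption: epoch milliseconds
    return fields


def lifetime_ms(fields):
    """Validity window of the token in milliseconds."""
    return fields["expirationTime"] - fields["issueTime"]


def is_expired(fields, now_ms):
    """True once the supplied clock reaches the expiration time."""
    return now_ms >= fields["expirationTime"]


def redact_for_logging(fields):
    """Copy of the fields with the signature replaced, so it never reaches logs."""
    return {k: ("<redacted>" if k == "sig" else v) for k, v in fields.items()}
```

For the sample cookie, the validity window works out to just under ten minutes.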

Error Codes/Messages

If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.

| Item | Value |
|---|---|
| 500 | An error occurred processing the call. |

More information about Akana OAuth API error messages.