OAuth 2.0 - Authenticated Requests



The authenticated request is used to obtain the authorization code for accessing the resource owner's resources in the system. A request made to the authorization endpoint results in user authentication and in the transmission of clear-text credentials.

The authenticated request contains the following parameters −

  • response_type − A required parameter whose value is set to 'code' to request an authorization code. If the authorization request has no 'response_type' parameter, the authorization server returns an error response. The authorization request may also fail because of an invalid or mismatched redirect URI or an invalid client identifier.

  • client_id − A required parameter that identifies the client. The identifier is assigned by the authorization server and is unique to that authorization server. The authorization server may accept any type of credentials that meets its security requirements. The client application should not use more than one authentication method in each request.

  • redirect_uri − An optional parameter that carries the redirection URI with the authorization request. When the authorization request includes a redirection URI, its value must match one of the registered redirection URIs.

  • scope − An optional parameter that specifies the scope of the request. The authorization grant can be used as client credentials when the authorization scope is restricted to the protected resources controlled by the client. The scope parameter should not include resource owner information, because it may be transmitted over an insecure channel or stored insecurely.

  • state − An optional parameter. The authorization server uses the state value when redirecting the user agent back to the client. If the authorization request includes a state value, the server returns exactly that value to the client.
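The checks described in the list above can be seen from the authorization server's side in the following added example (it is not code from this tutorial). The client registry, the URLs and the function name are constructed for illustration, and user authentication and consent, which happen before a code is issued, are left out.

```python
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed client registry: client_id -> registered redirection URIs.
REGISTERED_CLIENTS = {
    "example-client": {"https://client.example/callback"},
}

def handle_authorization_request(url):
    """Validate an authorization request; return (action, value).

    action is "reject" (show an error page, never redirect) or
    "redirect" (send the user agent to the returned URI).
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Parameters must not repeat; this sketch rejects such requests outright.
    if any(len(v) > 1 for v in params.values()):
        return "reject", "repeated parameter"
    p = {k: v[0] for k, v in params.items()}

    registered = REGISTERED_CLIENTS.get(p.get("client_id", ""))
    if registered is None:
        return "reject", "invalid client identifier"

    # redirect_uri may be omitted only when exactly one URI is registered;
    # when present it must equal a registered value exactly.
    redirect_uri = p.get("redirect_uri")
    if redirect_uri is None:
        if len(registered) != 1:
            return "reject", "redirect_uri required"
        redirect_uri = next(iter(registered))
    elif redirect_uri not in registered:
        return "reject", "mismatched redirect URI"

    # The redirect target is now trusted, so errors go back to the client.
    answer = {}
    if "response_type" not in p:
        answer["error"] = "invalid_request"
    elif p["response_type"] != "code":
        answer["error"] = "unsupported_response_type"
    else:
        answer["code"] = secrets.token_urlsafe(32)  # one-time authorization code
    if "state" in p:
        answer["state"] = p["state"]  # echoed back exactly as received
    # Assumes the registered URI has no query component of its own.
    return "redirect", redirect_uri + "?" + urlencode(answer)
```

A bad client_id or redirect_uri never produces a redirect, because the server cannot trust the address it would be redirecting to; every other error is reported to the client's registered URI together with the echoed state.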
