Implicit
This section describes how to obtain an access token for authorization using the implicit grant type.
Resource Information
Name | Value | Description |
---|---|---|
Requires authentication? | No | Basic authentication is not required. A clientID must be given as a request parameter. |
Rate limited? | No | Rate limiting indicates how many requests a client can make in a given time period. |
HTTP request
POST https://{tenantId}.{hostname}/auth/realms/{tenantId}/protocol/openid-connect/auth
Note
API requests must be made over HTTPS. Calls made over plain HTTP will fail.
Request body (*Required)
Parameter Name | Type | Description |
---|---|---|
Authorize URI* | List | The authorize URI on the authorization server is where an OpenID Connect flow starts. |
Redirect URL* | String | Provide the URL where the user needs to be redirected on execution. |
client_id* | String | The Client ID for which the access token is to be generated. |
scope | String | The scope requested for the token. |
Nonce | String | Autogenerated UUID. |
Response Type* | String | Select the type of response that has to be received on execution. |
Response Mode* | String | Select how the Authorization Server should return the result parameters from the Authorization Endpoint. |
Response
Parameter Name | Type | Description |
---|---|---|
access_token | String | The newly created access token. |
expires_in | Integer | Validity of the access token in seconds. |
token_type | String | Indicates access token type. |
session_state | Integer | The session state value includes the salted cryptographic hash of the Client ID, the root URL, and the browser state. The session_state value is used to monitor end-user sessions. |
scope | String | The scope requested for the token. |
Sample Response
{
"access_token": String,
"expires_in": Integer,
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": String,
"scope": String
}
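The request and response described above can be handled on the client as follows. This is an added example, not code from the API's own documentation. It assumes the standard OAuth 2.0 / OpenID Connect wire names (`redirect_uri`, `response_type`, `response_mode`, `nonce`, `error`) for the parameters the tables list by label, and the function names and sample values are constructed for illustration.

```javascript
// Added example. Wire names redirect_uri, response_type, response_mode, nonce
// and error are the standard OAuth 2.0 / OpenID Connect names (assumed here).
function buildAuthRequest({ authorizeUri, clientId, redirectUri, scope, nonce }) {
  const endpoint = new URL(authorizeUri);
  // The page states that calls over plain http fail; refuse them client-side too.
  if (endpoint.protocol !== 'https:') throw new Error('authorize URI must use https');
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'token',     // implicit grant: token returned directly
    response_mode: 'fragment',  // result parameters arrive after the '#'
    nonce,                      // caller supplies a fresh UUID per request
  });
  if (scope) params.set('scope', scope); // scope is optional on the page
  return { endpoint: endpoint.toString(), params };
}

function parseImplicitResponse(redirectedUrl, redirectUri, now = Date.now()) {
  const got = new URL(redirectedUrl);
  const want = new URL(redirectUri);
  // Only accept a response delivered to the redirect URL sent in the request.
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error('response arrived at an unexpected redirect URL');
  }
  const p = new URLSearchParams(got.hash.slice(1));
  if (p.has('error')) throw new Error(`authorization failed: ${p.get('error')}`);
  const accessToken = p.get('access_token');
  if (!accessToken) throw new Error('no access_token in response fragment');
  if ((p.get('token_type') || '').toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }
  const expiresIn = Number(p.get('expires_in'));
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) throw new Error('bad expires_in');
  return {
    accessToken,
    expiresAt: now + expiresIn * 1000,  // expires_in is in seconds
    scope: (p.get('scope') || '').split(' ').filter(Boolean),
    sessionState: p.get('session_state'),
  };
}

// Constructed sample values (not from the page).
const SAMPLE_REDIRECT = 'https://app.example.test/callback';
const SAMPLE_RESPONSE = SAMPLE_REDIRECT +
  '#access_token=abc123&expires_in=300&token_type=Bearer&session_state=s-1&scope=openid%20profile';
```

In a browser, clear the fragment from the address bar once the response has been parsed so the token does not remain in history.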
Response Status Information
Status Code | Status | Message |
---|---|---|
200 | OK | OK |
400 | Bad Request | Client is not allowed to initiate browser login with given response_type. Implicit flow is disabled for the client. |
401 | Unauthorized | HTTP 401 Unauthorized |
404 | Not Found | Page not found |