Guides

After you define the scopes that you want to require consent for, prepare an authentication or authorization request with the correct values for prompt and consent_method.

  1. Obtain the following values from your OpenID Connect application, both of which can be found on the application's General tab:

    • Client ID
    • Redirect URI
  2. Use the default Custom Authorization Server's authorization endpoint:

    Note: See Authorization Servers for more information on the types of authorization servers available to you and what you can use them for.

    A default Custom Authorization endpoint looks like this where the ${authServerId} is default:

     `https://${yourOktaDomain}/oauth2/default/v1/authorize`
    
  3. Add the following query parameters to the URL:

    • Your OpenID Connect application's client_id and redirect_uri
    • The openid and phone scopes
    • The response type, which for an ID token is id_token and an access token is token

    Note: The examples in this guide use the Implicit flow. For the Authorization Code flow, the response type is code. You can exchange an authorization code for an ID token and/or an access token using the /token endpoint.

    • Values for state and nonce, which can be anything

    Note: All of the values are fully documented on the Obtain an Authorization Grant from a user page.

    The resulting URL requesting an access token looks something like this:

    curl -X GET
    "https://${yourOktaDomain}/oauth2/${authServerId}/v1/authorize?client_id=examplefa39J4jXdcCwWA
    &response_type=token
    &scope=openid%20phone
    &redirect_uri=https%3A%2F%2FyourRedirectUriHere.com
    &state=myState
    &nonce=${myNonceValue}"
    

    Note: The response_type for an ID token looks like this: &response_type=id_token.

  4. Paste the request URL into a browser. The User Consent dialog box appears. Click Allow to create the grant.

    Note: The user only has to grant consent once for an attribute per authorization server.

Next:

Featured Guides