provider B2B Idp POST /v1/b2b/idp/oauth/authorize
@utdk/stytch /v1/b2b/idp/oauth/authorize
Authorize
Completes a request for authorization of a Connected App to access a Member's account. Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the [Preflight Check](https://stytch.com/docs/b2b/api/connected-apps-oauth-authorize-start) API. Note that this endpoint takes in a few additional parameters the preflight check does not: `state`, `nonce`, and `code_challenge`.

If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter. If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`. In both cases, redirect the Member to the location for the response to be consumed by the Connected App.

Exactly one of the following must be provided to identify the Member granting authorization:

- `organization_id` + `member_id`
- `session_token`
- `session_jwt`

If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes. One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange) flow.


apiB2bIdpV1B2bIdpOauthAuthorize
POST /v1/b2b/idp/oauth/authorize

Input

required

Indicates whether the user granted the requested scopes.

required

An array of scopes requested by the client.

required

The ID of the Connected App client.

required

The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.

required

The OAuth 2.0 response type. For authorization code flows this value is `code`.

Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.

A secret token for a given Stytch Session.

The JSON Web Token (JWT) for a given Stytch Session.

Space-separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.

An opaque value used to maintain state between the request and callback.

A string used to associate a client session with an ID token to mitigate replay attacks.

A base64url-encoded challenge derived from the code verifier for PKCE flows.


Code snippet

TypeScript

```typescript
import stytch from '@utdk/stytch';

await stytch.apiB2bIdpV1B2bIdpOauthAuthorize()
```
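A pre-call check for the "exactly one of" Member identifier rule and for forwarding `state`, `nonce` and `code_challenge`, as an added example that is not Stytch's or `@utdk/stytch`'s own code. The function names and the `needsTokenExchange` flag are hypothetical; only field names that appear on this page are used, and the incoming query parameters are assumed to be already parsed into a plain object.

```typescript
// Added example; not Stytch or @utdk/stytch code. Field names come from this
// page; the function names and needsTokenExchange flag are hypothetical.
type MemberIdentity = {
  organization_id?: string;
  member_id?: string;
  session_token?: string;
  session_jwt?: string;
};

const has = (v: string | undefined): v is string => typeof v === "string" && v.length > 0;

// Enforce "exactly one of": organization_id + member_id, session_token, session_jwt.
function chooseMemberIdentity(id: MemberIdentity): { fields: Record<string, string>; sessionLinked: boolean } {
  if (has(id.organization_id) !== has(id.member_id)) {
    throw new Error("organization_id and member_id must be provided together");
  }
  const options: Array<Record<string, string> | null> = [
    has(id.organization_id) && has(id.member_id)
      ? { organization_id: id.organization_id, member_id: id.member_id }
      : null,
    has(id.session_token) ? { session_token: id.session_token } : null,
    has(id.session_jwt) ? { session_jwt: id.session_jwt } : null,
  ];
  const chosen = options.filter((o): o is Record<string, string> => o !== null);
  if (chosen.length !== 1) {
    throw new Error(`expected exactly one Member identifier, got ${chosen.length}`);
  }
  // Only session_token / session_jwt link the authorization to a session.
  return { fields: chosen[0], sessionLinked: !("organization_id" in chosen[0]) };
}

// The three parameters this endpoint accepts that the Preflight Check does not.
const PASS_THROUGH = ["state", "nonce", "code_challenge"] as const;

// Merge the Member identifier with values copied from the OAuth Authorization request.
function buildAuthorizeFields(query: Record<string, string | undefined>,
    id: MemberIdentity, needsTokenExchange: boolean): Record<string, string> {
  const { fields, sessionLinked } = chooseMemberIdentity(id);
  if (needsTokenExchange && !sessionLinked) {
    throw new Error("Exchange Access Token flow requires session_token or session_jwt");
  }
  const body: Record<string, string> = { ...fields };
  for (const key of PASS_THROUGH) {
    const value = query[key];
    if (has(value)) body[key] = value; // forwarded unchanged
  }
  return body;
}
```

The returned object holds only the identifier and pass-through fields; the required inputs listed under Input still have to be added before the call.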