provider Idp POST /v1/idp/oauth/authorize
@utdk/stytch /v1/idp/oauth/authorize
Authorize
Completes a request for authorization of a Connected App to access a User's account. Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the [Preflight Check](https://stytch.com/docs/api/connected-apps-oauth-authorize-start) API. Note that this endpoint takes in a few additional parameters the preflight check does not- `state`, `nonce`, and `code_challenge`. If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter. If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`. In both cases, redirect the user to the location for the response to be consumed by the Connected App. Exactly one of the following must be provided to identify the user granting authorization: - `user_id` - `session_token` - `session_jwt` If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes. One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.

Try it

Authentication
Configure credentials for Stytch API
Gateway
The gateway proxies requests and injects credentials server-side. Configure credentials above, then enter your gateway URL.

Saved automatically to browser storage.

apiIdpV1IdpOauthAuthorize
POST/v1/idp/oauth/authorize
Completes a request for authorization of a Connected App to access a User's account. Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the [Preflight Check](https://stytch.com/docs/api/connected-apps-oauth-authorize-start) API. Note that this endpoint takes in a few additional parameters the preflight check does not- `state`, `nonce`, and `code_challenge`. If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter. If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`. In both cases, redirect the user to the location for the response to be consumed by the Connected App. Exactly one of the following must be provided to identify the user granting authorization: - `user_id` - `session_token` - `session_jwt` If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes. One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.

Input

required

Indicates whether the user granted the requested scopes.

required

An array of scopes requested by the client.

required

The ID of the Connected App client.

required

The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.

required

The OAuth 2.0 response type. For authorization code flows this value is `code`.

The unique ID of a specific User. You may use an `external_id` here if one is set for the user.

The `session_token` associated with a User's existing Session.

The `session_jwt` associated with a User's existing Session.

Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.

An opaque value used to maintain state between the request and callback.

A string used to associate a client session with an ID token to mitigate replay attacks.

A base64url encoded challenge derived from the code verifier for PKCE flows.

Enter a gateway URL above to enable sending.

Code snippet
Updates live as you fill in the form above.

TypeScript

import stytch from '@utdk/stytch';

await stytch.apiIdpV1IdpOauthAuthorize()