Start the process of obtaining a JWT

GET /oauth/authorize

This is an OAuth2-compliant authorize endpoint (see https://tools.ietf.org/html/rfc6749) with the following limitations:

  • Only the grant code flow is allowed
  • PKCE is mandatory, i.e. you must generate a code_verifier (a randomly generated secret) and include its URL-safe base64-encoded SHA256 hash as the code_challenge parameter
  • Only the S256 code challenge method is supported
  • The redirect URI must be set to urn:ietf:wg:oauth:2.0:oob:auto

This API returns a grant code that can then be exchanged for a JWT.

This will create a new profile in the Dressipi database and should therefore only be used if no refresh token is available.

code_challenge is constructed in the following manner:

  • Pick a random code_verifier value, for example 1tBnEmtSImyCykPHxHYBdzpSFhKEj0Q1LuiHd4fdDlY
  • code_challenge = Base64-url-encode(SHA256(code_verifier)): p7CN1Zi4o5ARn1mYNvNFvj2r5cKkr2k6y7a573eHJXQ in the example above

For more details on PKCE see https://tools.ietf.org/html/rfc7636; Appendix A has the definition of base64-url-encode.

Security

API Key
Header parameter name: x-api-key

API Key
Header parameter name: x-dressipi-jwt

The JWT for the user

Query parameters

redirect_uri
string, Required
Valid values: [ "urn:ietf:wg:oauth:2.0:oob:auto" ]

response_type
string, Required
Valid values: [ "code" ]

client_id
string, Required

The API client ID supplied by Dressipi

state
string, Required

A randomly generated state value

code_challenge
string, Required

A URL-safe base64-encoded SHA256 hash of the code verifier (a cryptographically secure, randomly generated string).

code_challenge_method
string, Required
Valid values: [ "S256" ]

Responses
200

Information about the authorization

object

code
string

The authorization code generated

Example: pEcnKwHD0yF3pfu1U56EBo-QbBwPMcqOYtBr5LnYTjKdNzYUGIgzied-ux-vyul7

state
string

The state parameter initially provided. You must verify that it matches the initially supplied value.

Example: a1F5Kdf5Dhn123

400

oauth2 error

object

Generic oauth error object

error
string

The error code (one of the error codes defined by https://tools.ietf.org/html/rfc6749#section-4.1)

Example: invalid_request

error_description
string

A human readable description of the error
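
The client side of this request, as an added example that is not Dressipi's own code: it generates the code_verifier and state from a CSPRNG, derives the S256 code_challenge, builds the query string for GET /oauth/authorize, and refuses a response whose state does not match. The function names are hypothetical, and the `response` dict is assumed to be the parsed 200 response object with the `code` and `state` fields described above.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob:auto"  # the only value the endpoint accepts


def b64url(data: bytes) -> str:
    """Base64-url-encode without '=' padding (RFC 7636, Appendix A)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """32 bytes from the OS CSPRNG, encoded as a 43-character verifier."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(code_verifier: str) -> str:
    """S256 method: Base64-url-encode(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorize_query(client_id: str):
    """Return (query_string, code_verifier, state) for GET /oauth/authorize."""
    code_verifier = make_code_verifier()   # kept client-side for the later exchange
    state = secrets.token_urlsafe(16)      # kept client-side to validate the response
    query = urlencode({
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "client_id": client_id,
        "state": state,
        "code_challenge": make_code_challenge(code_verifier),
        "code_challenge_method": "S256",
    })
    return query, code_verifier, state


def extract_code(response: dict, expected_state: str) -> str:
    """Return the grant code only if the echoed state matches the one sent."""
    returned = response.get("state") or ""
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this authorization response")
    return response["code"]
```

Only the code_challenge leaves the client in this request; the code_verifier and state stay in memory until the response has been validated.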

