OIDC Authorize Endpoint

The authorize endpoint is the entry point for the OIDC authentication flow. It initiates the process of authenticating a user and obtaining their consent for sharing information.

  • Base URL: https://apx.didit.me
  • Endpoint: /auth/v2/authorize
  • Method: GET

Request

Query Parameters

  • client_id (required): The identifier of the client application.
  • redirect_uri (required): The URI to redirect the user after authentication.
  • response_type (required): Must be set to "code" for the authorization code flow.
  • scope (required): Space-separated list of requested scopes. Must include "openid".
  • state (recommended): An opaque value used to maintain state between the request and the callback.
  • nonce (optional): String value used to associate a Client session with an ID Token.

Example Request

GET /auth/v2/authorize?
    client_id=your_client_id&
    redirect_uri=https://your-app.com/callback&
    response_type=code&
    scope=openid%20profile%20email&
    state=random_state_string&
    nonce=random_nonce_string
Host: apx.didit.me

Response

The authorize endpoint doesn't directly return a response. Instead, it initiates the authentication flow:

  1. Generates a unique session URL.
  2. Returns session information to the authorization client.
  3. The authorization client displays a QR code containing the session URL.

QR Code Content

The QR code should contain a URL in the following format:

https://app.didit.me/authorize/{session_token}

After QR Code Scan

After the user scans the QR code and confirms the data sharing:

  1. The authorization server updates the session status to "confirmed".
  2. The authorization client polls the /session/{session_id}/status endpoint.
  3. When confirmed, the server generates an authorization code.
  4. The user is redirected to the redirect_uri with the authorization code and state.

Redirect Example

https://your-app.com/callback?code=authorization_code&state=random_state_string
⚠️ Ensure that the redirect_uri exactly matches one of the registered redirect URIs for your client application. Validate the returned state parameter to prevent CSRF attacks.
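The client side of the flow described above, as an added Python example that is not Didit's own code: it builds the authorize request with a fresh random state and nonce, percent-encodes the scope, and on the callback accepts the code only if the returned state is one it issued and has not been used before. The registered redirect URI set and the dict used as a session store are assumptions.

```python
import secrets
from urllib.parse import urlencode, quote, urlparse, parse_qs

# Endpoint from the page; the registered redirect URI set is an assumption.
AUTHORIZE_URL = "https://apx.didit.me/auth/v2/authorize"
REGISTERED_REDIRECT_URIS = {"https://your-app.com/callback"}


def build_authorize_request(client_id, redirect_uri, scopes, session_store):
    """Build the authorize URL and remember state/nonce for the callback.

    Enforces the page's rules: redirect_uri must be registered and scope
    must include "openid". session_store is a dict keyed by state (assumed).
    """
    if redirect_uri not in REGISTERED_REDIRECT_URIS:
        raise ValueError("redirect_uri must exactly match a registered URI")
    if "openid" not in scopes:
        raise ValueError('scope must include "openid"')
    state = secrets.token_urlsafe(32)  # unguessable, fresh per request
    nonce = secrets.token_urlsafe(32)
    session_store[state] = {"nonce": nonce, "redirect_uri": redirect_uri}
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # spaces become %20 via quote
        "state": state,
        "nonce": nonce,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params, quote_via=quote)}"


def handle_callback(callback_url, session_store):
    """Validate the redirect to redirect_uri and return code plus nonce.

    The state must be one we issued and is consumed on first use, so a
    forged or replayed callback (CSRF) is rejected before the code is used.
    """
    query = parse_qs(urlparse(callback_url).query)
    code = query.get("code", [None])[0]
    state = query.get("state", [None])[0]
    if code is None or state is None:
        raise ValueError("callback is missing code or state")
    session = session_store.pop(state, None)  # single use
    if session is None:
        raise ValueError("unknown or reused state: possible CSRF")
    # nonce is kept so it can be compared with the ID Token's nonce claim later
    return {"code": code, "nonce": session["nonce"]}
```

The nonce returned by handle_callback is what you later compare against the nonce claim in the ID Token obtained with the code.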