class Stytch::IDP::OAuth
def authorize(
A one-time use code that can be exchanged for tokens.
authorization_code::
The type of this field is +Integer+.
(no documentation yet)
status_code::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable list of +String+.
(no documentation yet)
resources::
The type of this field is nilable +String+.
A base64url encoded challenge derived from the code verifier for PKCE flows.
code_challenge::
The type of this field is nilable +String+.
A string used to associate a client session with an ID token to mitigate replay attacks.
nonce::
The type of this field is nilable +String+.
An opaque value used to maintain state between the request and callback.
state::
The type of this field is nilable +String+.
Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
prompt::
The type of this field is nilable +String+.
The `session_jwt` associated with a User's existing Session.
session_jwt::
The type of this field is nilable +String+.
The `session_token` associated with a User's existing Session.
session_token::
The type of this field is nilable +String+.
The unique ID of a specific User. You may use an `external_id` here if one is set for the user.
user_id::
The type of this field is +String+.
The OAuth 2.0 response type. For authorization code flows this value is `code`.
response_type::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
The ID of the Connected App client.
client_id::
The type of this field is list of +String+.
An array of scopes requested by the client.
scopes::
The type of this field is +Boolean+.
Indicates whether the user granted the requested scopes.
consent_granted::
== Parameters:
One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.
If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes.
- `session_jwt`
- `session_token`
- `user_id`
Exactly one of the following must be provided to identify the user granting authorization:
In both cases, redirect the user to the location for the response to be consumed by the Connected App.
If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`.
If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter.
Note that this endpoint takes in a few additional parameters the preflight check does not- `state`, `nonce`, and `code_challenge`.
[Preflight Check](https://stytch.com/docs/api/connected-apps-oauth-authorize-start) API.
Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the
Completes a request for authorization of a Connected App to access a User's account.
def authorize( consent_granted:, scopes:, client_id:, redirect_uri:, response_type:, user_id: nil, session_token: nil, session_jwt: nil, prompt: nil, state: nil, nonce: nil, code_challenge: nil, resources: nil ) headers = {} request = { consent_granted: consent_granted, scopes: scopes, client_id: client_id, redirect_uri: redirect_uri, response_type: response_type } request[:user_id] = user_id unless user_id.nil? request[:session_token] = session_token unless session_token.nil? request[:session_jwt] = session_jwt unless session_jwt.nil? request[:prompt] = prompt unless prompt.nil? request[:state] = state unless state.nil? request[:nonce] = nonce unless nonce.nil? request[:code_challenge] = code_challenge unless code_challenge.nil? request[:resources] = resources unless resources.nil? post_request('/v1/idp/oauth/authorize', request, headers) end
def authorize_start(
(no documentation yet)
status_code::
The type of this field is list of +ScopeResult+ (+object+).
Details about each requested scope.
scope_results::
The type of this field is +Boolean+.
Whether the user must provide explicit consent for the authorization request.
consent_required::
The type of this field is +ConnectedAppPublic+ (+object+).
(no documentation yet)
client::
The type of this field is +User+ (+object+).
The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
user::
The type of this field is +String+.
The unique ID of the affected User.
user_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +String+.
Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
prompt::
The type of this field is nilable +String+.
The `session_jwt` associated with a User's existing Session.
session_jwt::
The type of this field is nilable +String+.
The `session_token` associated with a User's existing Session.
session_token::
The type of this field is nilable +String+.
The unique ID of a specific User. You may use an `external_id` here if one is set for the user.
user_id::
The type of this field is list of +String+.
An array of scopes requested by the client.
scopes::
The type of this field is +String+.
The OAuth 2.0 response type. For authorization code flows this value is `code`.
response_type::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
The ID of the Connected App client.
client_id::
== Parameters:
One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.
If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes.
- `session_jwt`
- `session_token`
- `user_id`
Exactly one of the following must be provided to identify the user granting authorization:
Use this response to prompt the user for consent (if necessary) before calling the [Submit OAuth Authorization](https://stytch.com/docs/api/connected-apps-oauth-authorize) endpoint.
- A list of scopes the user has the ability to grant the Connected App
- Whether _explicit_ user consent must be granted before proceeding with the authorization
- A public representation of the Connected App requesting authorization
This endpoint returns:
relevant information for rendering an OAuth Consent Screen.
This endpoint validates various fields (`scope`, `client_id`, `redirect_uri`, `prompt`, etc...) are correct and returns
Call this endpoint using the query parameters from an OAuth Authorization request.
Initiates a request for authorization of a Connected App to access a User's account.
def authorize_start( client_id:, redirect_uri:, response_type:, scopes:, user_id: nil, session_token: nil, session_jwt: nil, prompt: nil ) headers = {} request = { client_id: client_id, redirect_uri: redirect_uri, response_type: response_type, scopes: scopes } request[:user_id] = user_id unless user_id.nil? request[:session_token] = session_token unless session_token.nil? request[:session_jwt] = session_jwt unless session_jwt.nil? request[:prompt] = prompt unless prompt.nil? post_request('/v1/idp/oauth/authorize/start', request, headers) end
def initialize(connection)
def initialize(connection) @connection = connection end