Authorization

Description

The Authorization resource is used to initiate the process for obtaining an authorization code that can be used to obtain an access token.

The Authorization resource is the Web page where a user is to be directed to authenticate. Upon successful authentication, the user will be redirected to the specified redirect URI with the authorization "code" and "state" query parameters as defined by RFC 6749, Section 4.1.2. If authorization is unsuccessful, the user will be redirected to the specified redirect URI with the "error" query parameter as defined by RFC 6749, Section 4.1.2.1.

Operations

GET - Get the authorization page.

Produces - Specify a returned data format using the Accept header.
  • text/html
Parameters
Name Type Description
client_id query The FamilySearch application or developer key. Required.
code_challenge query This is the hashed and encoded random string described in the PKCE.
code_challenge_method query This should be set to "S256" if using a SHA 256 hash method. Set to "plain" if your application is unable to hash the code verifier.
redirect_uri query The URI to which the user will be directed with the result of the authentication. This parameter is optional. If provided, the URI must be pre-registered with the developer key. To register a URI, contact developer support.
response_type query The response type, which must have the value "code". Required.
scope query The scope of the request in the form of space-delimited case sensitive strings (optional). Specific scopes are defined with openidConnect.
state query Client state (optional).

POST - Get the authorization page.

Produces - Specify a returned data format using the Accept header.
  • text/html
Parameters
Name Type Description
client_id form The FamilySearch application or developer key. Required.
code_challenge form This is the hashed and encoded random string described in the PKCE.
code_challenge_method form This should be set to "S256" if using a SHA 256 hash method. Set to "plain" if your application is unable to hash the code verifier.
redirect_uri form The URI to which the user will be directed with the result of the authentication. This parameter is optional. If provided, the URI must be pre-registered with the developer key. To register a URI, contact developer support.
response_type form The response type, which must have the value "code". Required.
scope form The scope of the request in the form of space-delimited case sensitive strings (optional). Specific scopes are defined with openidConnect.
state form Client state (optional).

Example Requests

Initiate Authorization (Invalid Parameter) Example illustrating the result of invalid parameters when initiating the process for obtaining an OAuth 2 authorization code.

Change Language

Feedback

Sending...

Feedback was sent.

Can't send feedback. Retry in 5 seconds.