Missing response_mode parameter in API Explorer /authorize docs #10021

Open
eatplaysleep opened this issue Mar 3, 2022 · 0 comments
Description

Authorization Code Flow API Explorer is missing response_mode parameter.

response_mode (Optional) How the result of the authorization request is formatted. Values:
  • query - for Authorization Code grant. 302 Found triggers redirect.
  • fragment - for Implicit grant. 302 Found triggers redirect.
  • form_post - 200 OK with response parameters embedded in an HTML form as hidden parameters.
  • web_message - For Silent Authentication. Uses HTML5 web messaging.

...

The OAuth 2.0 Multiple Response Type Encoding Practices specification added a parameter that specifies how the result of the authorization request is formatted. This parameter is called response_mode. It is optional and can take the following values:

| Value | Description |
| --- | --- |
| query | This is the default for Authorization Code grant. A successful response is 302 Found which triggers a redirect to the redirect_uri. The response parameters are embedded in the query component (the part after ?) of the redirect_uri in the Location header. For example:<br>`HTTP/1.1 302 Found`<br>`Location: https://my-redirect-uri.callback?code=js89p2x1`<br>where the authorization code is js89p21. |
| fragment | This is the default for Implicit grant. A successful response is 302 Found, which triggers a redirect to the redirect_uri (which is a request parameter). The response parameters are embedded in the fragment component (the part after #) of the redirect_uri in the Location header. For example:<br>`HTTP/1.1 302 Found`<br>`Location: https://my-redirect-uri/callback#access_token=eyB...78f&token_type=Bearer&expires_in=3600`. |
| form_post | The response mode is defined by the OAuth 2.0 Form Post Response Mode specification. A successful response is 200 OK and the parameters are embedded in an HTML form as hidden params. The action of the form is the redirect_uri and the onload attribute is configured to submit the form. After the HTML is loaded by the browser, a redirect to the redirect_uri is done. |
| web_message | This response mode is defined in OAuth 2.0 Web Message Response Mode specification. It uses HTML5 Web Messaging instead of the redirect for the authorization response from the /authorization endpoint. This is particularly useful when using Silent Authentication. To do this response mode, you must register your app's URL at the Allowed Web Origins field in your Auth0 application settings. |

See Authorization Endpoint docs.
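
As an added example (not part of the issue or of Auth0's documentation), the JavaScript below builds an /authorize request with an explicit response_mode and reads the response only from the channel that mode uses, rejecting a code or access_token that arrives anywhere else. The issuer, client ID, callback URL and function names are constructed for illustration; web_message is left out because it is delivered through browser messaging rather than an HTTP request.

```javascript
// Parameters that belong to the authorization response itself.
const RESPONSE_KEYS = ['code', 'access_token'];

// Build the /authorize request with an explicit response_mode.
// Issuer, clientId and redirectUri are constructed placeholders supplied by the caller.
function buildAuthorizeUrl(issuer, { clientId, redirectUri, responseType, responseMode }) {
  const url = new URL('/authorize', issuer);
  url.search = new URLSearchParams({
    response_type: responseType,
    client_id: clientId,
    redirect_uri: redirectUri,
    response_mode: responseMode,
  }).toString();
  return url.toString();
}

// Throw if response parameters show up in a channel the requested mode does not use.
function assertAbsent(params, channel) {
  const found = RESPONSE_KEYS.filter((k) => params.has(k));
  if (found.length) throw new Error(`${found.join(',')} arrived in ${channel}, not the requested mode`);
}

// Read the response from the one place the requested response_mode puts it.
// received = { method, url, body } as seen by the callback handler (hypothetical shape).
function extractAuthResponse(mode, received) {
  const url = new URL(received.url);
  const query = url.searchParams;
  const fragment = new URLSearchParams(url.hash.slice(1));
  const body = new URLSearchParams(received.method === 'POST' ? received.body || '' : '');
  switch (mode) {
    case 'query':
      assertAbsent(fragment, 'fragment');
      assertAbsent(body, 'body');
      return Object.fromEntries(query);
    case 'fragment': // readable only by browser-side code; a fragment is never sent to a server
      assertAbsent(query, 'query');
      assertAbsent(body, 'body');
      return Object.fromEntries(fragment);
    case 'form_post':
      if (received.method !== 'POST') throw new Error('form_post response must arrive as POST');
      assertAbsent(query, 'query');
      assertAbsent(fragment, 'fragment');
      return Object.fromEntries(body);
    default:
      throw new Error(`unsupported response_mode: ${mode}`);
  }
}
```

With form_post the code or token stays out of the callback URL, so it does not end up in browser history or request logs that record URLs.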
