response_type | String. The grant type preferred by the client. This parameter informs the authorization server how to respond to the client. Set to: code for the authorization code grant (the response from the authorization server must include an OAuth authentication code that the client can exchange for an access token), or token for the implicit grant (the response from the authorization server includes an OAuth access token for the client). For more information about grant types, see Usage Notes. |
client_id | String. The client identifier generated by the authorization server when the client application is registered. The client_id is used to authenticate the client to the authorization server. |
redirect_uri | String. Optional. The URI that the authorization server will use to redirect the client when the client is authorized. This parameter is required if the client is registered with more than one redirect URI. The value for redirect_uri must match one of the client's registered redirect URIs. |
scope | String. Optional. The name of the scope associated with the client. The scope defines the level of access requested by the client. Specify the name of one or more scopes, separated by spaces. For example: scope1 scope2 scope3. The scopes you specify must already exist on the authorization server. For information about creating a scope, see the section Defining Scopes in the webMethods Integration Server Administrator’s Guide. |
code_challenge | String. Optional. The transformed version of the code_verifier created by the client application. When Integration Server requires PKCE for public clients using the authorization code grant type, the code_challenge input parameter is required. Integration Server requires PKCE for a public client when the Require PKCE option on the Security > OAuth page is set to yes. |
code_challenge_method | String. Optional. The method used to transform the code_verifier created by the client application. Set to plain (the default) or S256. When code_challenge_method is plain, the code_challenge value is the same as the code_verifier. |
state | String. Optional. A unique string used to maintain the state between the request and callback. When the authorization server redirects the user to the redirect_uri, the value for state will be included in the response. Software AG recommends using this parameter to protect against cross-site request forgery (CSRF) attacks. |
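
The following added example (not from the product documentation) shows how a client can populate code_challenge, code_challenge_method and state for an authorization code request, and check state on the callback. The S256 transform follows RFC 7636; the endpoint URL, client values and function names are placeholders assumed for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder endpoint (assumption): substitute your server's authorization URL.
AUTHORIZE_URL = "https://authz.example.test/authorize"

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())

def build_authorization_request(client_id, redirect_uri, scopes):
    """Return (url, session); session holds the values the client keeps."""
    code_verifier = b64url(secrets.token_bytes(32))  # 43 chars, high entropy
    state = b64url(secrets.token_bytes(16))          # unique per request
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,   # must match a registered URI
        "scope": " ".join(scopes),      # space-separated scope names
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
        "state": state,
    }
    session = {"state": state, "code_verifier": code_verifier}
    return AUTHORIZE_URL + "?" + urlencode(params), session

def handle_callback(callback_url, session):
    """Verify state before trusting the code; return (code, code_verifier)."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: discard the response")
    if "code" not in query:
        raise ValueError("no authorization code in response")
    # The code_verifier is sent later, with the code, in the token request.
    return query["code"][0], session["code_verifier"]
```

With code_challenge_method left at plain, the code_challenge carried in the redirect equals the code_verifier, so S256 is the setting that keeps the verifier out of the authorization request.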