response_type | String The grant type preferred by the client. This parameter informs the authorization server how to respond to the client. Set to: code for the authorization code grant. When set to code, the response from authorization server must include an OAuth authentication code the client can exchange for an access token. token for an implicit grant type. When set to token, the response from authorization server includes an OAuth access token for the client. For more information about grant types, see
Usage Notes. |
client_id | String The client identifier generated by the authorization server when the client application is registered. The client_id is used to authenticate the client to the authorization server. |
redirect_uri | String Optional. The URI that the authorization server will use to redirect the client when the client is authorized. This parameter is required if the client is registered with more than one redirect URI. The value for redirect_uri must match one of the client's registered redirect URIs. |
scope | String Optional. The name of the scope associated with the client. The scope defines the level of access requested by the client. Specify the name of one or more scopes. Use a space to separate the name of the scopes. For example: scope1 scope2 scope3 The scopes you specify must already exist on the authorization server. For information about creating a scope, see
Defining Scopes.. |
state | String Optional. A unique string used to maintain the state between the request and callback. When the authorization server redirects the user to the redirect_uri, the value for state will be included in the response. Software AG recommends using this parameter to protect against cross-site request forgery (CSRF) attacks. |