GET /oauth/auth
Request access to a user's resources
This endpoint allows your app to request access to an authenticated Coil user's resources (such as profile information). The information you're allowed to request is based on the scope you are authorized to use.
GET https://coil.com/oauth/auth
info
You must register your app and receive a client_id and client_secret before calling this endpoint.
Basic flow
- Your app sends identifying information about itself to the Coil OIDC provider.
- The authenticated Coil user grants access to their resources and the OIDC provider returns an access code.
note
This step does not provide the user's actual resources, only confirmation (via presence of access token) that permission was granted to use the resources.
Request parameters
| Parameter | Type | Description |
|---|---|---|
| response_type | string | Tells the authorization server which grant to execute. The value must be code. |
| scope | string | simple_wm and openid. Also email if authorized. |
| client_id | string | You app's client_id. The client_id was assigned during registration. |
| state | string | A random string generated by your app for this authentication request. The value in the response is expected to match this value. It's used to verify that the redirect came from the Coil OIDC provider and to maintain continuity between sessions. |
| redirect_uri | string | The URI that our OIDC provider will redirect to after authentication is complete. It must match the redirect_uri set by your app during registration. |
| flow | string | Indicates whether the user sees the Login page or the Sign Up page if they aren't signed in to a Coil account. Possible values are login and signup. If a value isn't provided or is unrecognized, it defaults to login. |
Example requests based on scope
- simple_wm
https://coil.com/oauth/auth
?response_type=code
&scope=simple_wm openid
&client_id=314ac134-fc3c-4d28-bf43-ccb75a2f9fb2
&state=b5f1872f-9d32-5f31-819d-5a4daeab4ea9
&redirect_uri=https://example.com
&flow=signup
https://coil.com/oauth/auth
?response_type=code
&scope=simple_wm openid email
&client_id=314ac134-fc3c-4d28-bf43-ccb75a2f9fb2
&state=b5f1872f-9d32-5f31-819d-5a4daeab4ea9
&redirect_uri=https://example.com
Response parameters
After the Coil user authenticates, our OIDC provider redirects them to the redirect_uri provided in the query string.
Our OIDC provider further augments the URI with the parameters below. Your app must use these parameters to proceed with the authorization code flow.
| Parameter | Type | Description |
|---|---|---|
| code | string | An access code assigned by the OIDC provider. |
| state | string | The same random string that your app generated in the request. |
| scope | string | simple_wm and openid, or just openid. Also email if authorized. |
Example responses based on scope
- simple_wm
- openid
https://example.com/
?code=CU6LG36vKvVmUbF9QWFwj7F5zvY
&state=b5f1872f-9d32-5f31-819d-5a4daeab4ea9
&scope=simple_wm openid
https://example.com/
?code=CU6LG36vKvVmUbF9QWFwj7F5zvY
&state=b5f1872f-9d32-5f31-819d-5a4daeab4ea9
&scope=openid
https://example.com/
?code=CU6LG36vKvVmUbF9QWFwj7F5zvY
&state=b5f1872f-9d32-5f31-819d-5a4daeab4ea9
&scope=email
Next: Call POST /oauth/token to request an access token for the Coil user.