Request access to a user's resources
This endpoint allows your app to request access to an authenticated Coil user's resources (such as profile information). The information you're allowed to request is based on the scope you are authorized to use.
You must register your app and receive a client_secret before calling this endpoint.
- Your app sends identifying information about itself to the Coil OIDC provider.
- The authenticated Coil user grants access to their resources and the OIDC provider returns an access code.
This step does not provide the user's actual resources, only confirmation (via the presence of an access token) that permission was granted to use the resources.
| Parameter | Type | Description |
|---|---|---|
| response_type | string | Tells the authorization server which grant to execute. The value must be |
| client_id | string | Your app's |
| state | string | A random string generated by your app for this authentication request. The value in the response is expected to match this value. It's used to verify that the redirect came from the Coil OIDC provider and to maintain continuity between sessions. |
| redirect_uri | string | The URI that our OIDC provider will redirect to after authentication is complete. It must match the |
Example requests based on scope
After the Coil user authenticates, our OIDC provider redirects them to the redirect_uri provided in the query string.
Our OIDC provider further augments the URI with the parameters below. Your app must use these parameters to proceed with the authorization code flow.
| Parameter | Type | Description |
|---|---|---|
| code | string | An access code assigned by the OIDC provider. |
| state | string | The same random string that your app generated in the request. |
Example responses based on scope
POST /oauth/token to request an access token for the Coil user.
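The `state` and `code` handling described above, as an added example that is not Coil's own code: the app issues a single-use `state` per session before redirecting, then validates the redirect before using `code`. The in-memory session store, the `REDIRECT_URI` placeholder and the function names are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed placeholder: use the redirect_uri registered for your app.
REDIRECT_URI = "https://app.example/callback"


class CallbackError(ValueError):
    """The redirect does not belong to an authentication request we started."""


# session id -> state issued for that session (in-memory only for this example)
_pending = {}


def begin_request(session_id: str) -> str:
    """Create the `state` value to send with the authorization request."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[session_id] = state
    return state


def finish_request(session_id: str, callback_url: str) -> str:
    """Validate the redirect and return `code`, or raise CallbackError."""
    # Single use: pop the stored state so a replayed redirect is rejected.
    expected = _pending.pop(session_id, None)
    if expected is None:
        raise CallbackError("no authentication request pending for this session")
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise CallbackError("redirect did not arrive at redirect_uri")
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in ("code", "state"):
        # Require exactly one non-empty value; repeated parameters are ambiguous.
        if len(params.get(name, [])) != 1 or not params[name][0]:
            raise CallbackError(f"missing or repeated parameter: {name}")
    # Constant-time comparison of the returned state with the one we issued.
    if not hmac.compare_digest(params["state"][0].encode(), expected.encode()):
        raise CallbackError("state does not match the value sent in the request")
    return params["code"][0]


if __name__ == "__main__":
    state = begin_request("session-1")
    # Constructed redirect, shaped like the response parameters above.
    url = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}"
    print(finish_request("session-1", url))
```

Only a `code` returned by `finish_request` should be passed on to the token request; a `CallbackError` means the redirect is discarded and the user restarts authentication.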