GET /oauth/auth

Request access to a user's resources

This endpoint allows your app to request access to an authenticated Coil user's resources (such as profile information). The information you're allowed to request is based on the scope you are authorized to use.



You must register your app and receive a client_id and client_secret before calling this endpoint.

Basic flow

  1. Your app sends identifying information about itself to the Coil OIDC provider.
  2. The authenticated Coil user grants access to their resources and the OIDC provider returns an access code.

    This step does not provide the user's actual resources, only confirmation (via the presence of an access token) that permission was granted to use the resources.

Request parameters

response_type (string): Tells the authorization server which grant to execute. The value must be code.
scope (string): simple_wm and openid. Also email if authorized.
client_id (string): Your app's client_id. The client_id was assigned during registration.
state (string): A random string generated by your app for this authentication request. The value in the response is expected to match this value. It's used to verify that the redirect came from the Coil OIDC provider and to maintain continuity between sessions.
redirect_uri (string): The URI that our OIDC provider will redirect to after authentication is complete. It must match the redirect_uri set by your app during registration.
flow (string): Indicates whether the user sees the Login page or the Sign Up page if they aren't signed in to a Coil account. Possible values are login and signup. If a value isn't provided or is unrecognized, it defaults to login.

Example requests based on scope
&scope=simple_wm openid

Response parameters

After the Coil user authenticates, our OIDC provider redirects them to the redirect_uri provided in the query string.

Our OIDC provider further augments the URI with the parameters below. Your app must use these parameters to proceed with the authorization code flow.

code (string): An access code assigned by the OIDC provider.
state (string): The same random string that your app generated in the request.
scope (string): simple_wm and openid, or just openid. Also email if authorized.

Example responses based on scope
&scope=simple_wm openid
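
One way a client could build the request above and validate the redirect before using the code, as an added example that is not Coil's code. The provider host, the app.example URLs and the function names are assumptions; the page does not give the provider's base URL.

```javascript
// Added example. PROVIDER_AUTH_URL is a placeholder host, not taken from the page.
const PROVIDER_AUTH_URL = 'https://oidc-provider.example/oauth/auth';
// Web Crypto is a global in current Node; older CommonJS runtimes take the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Build the GET /oauth/auth URL plus a fresh state to store in the user's session.
function buildAuthRequest({ clientId, redirectUri, scopes, flow = 'login' }) {
  const state = Array.from(webcrypto.getRandomValues(new Uint8Array(32)),
    (b) => b.toString(16).padStart(2, '0')).join('');
  const url = new URL(PROVIDER_AUTH_URL);
  url.search = new URLSearchParams({
    response_type: 'code',            // the only value the page allows
    scope: scopes.join(' '),
    client_id: clientId,
    state,
    redirect_uri: redirectUri,        // must equal the registered redirect_uri
    flow,
  }).toString();
  return { url: url.toString(), state };
}

// Compare without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Validate the redirect to redirect_uri before sending code to POST /oauth/token.
function handleCallback(callbackUrl, expectedState, registeredRedirectUri) {
  const got = new URL(callbackUrl);
  const want = new URL(registeredRedirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error('callback does not match registered redirect_uri');
  }
  const state = got.searchParams.get('state');
  if (!expectedState || !state || !constantTimeEqual(state, expectedState)) {
    throw new Error('state mismatch: discard this response');
  }
  const code = got.searchParams.get('code');
  if (!code) throw new Error('no code in response');
  // The granted scope can be narrower than requested (for example, just openid).
  const scopes = (got.searchParams.get('scope') || '').split(' ').filter(Boolean);
  return { code, scopes };
}
```

Store the returned state server-side against the user's session and delete it after one use, so a replayed redirect fails the comparison.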

Next: Call POST /oauth/token to request an access token for the Coil user.