Authorization Endpoint
curl --request GET \
  --url https://api.example.com/api/v1/authorization
{
  "Location": "<string>",
  "summary": "<string>",
  "details": "<string>"
}

Overview

The authorization endpoint serves as the entry point for the OAuth 2.0 authorization process. It provides the correct redirect to the concrete authorization method based on the configured client type.
When a request_uri provides access to a request object, all mandatory parameters can also be provided as part of that object.

Endpoint

GET /api/v1/authorization

Query Parameters

state
string
required
Session state identifier used to maintain state between the request and callback. Example: 274e7465-cc9d-4cad-b75f-190db927e56a
client_id
string
The identifier of the client/service that intends to start the authentication flow. Used to retrieve the scope and trust services for verification. Example: packet-delivery-portal
redirect_uri
string
The URI to redirect to after authorization is complete. Example: https://my-app.com/redirect
request_uri
string
URI pointing to a JWT request object containing the authorization request parameters. Example: https://my-app.com/request.jwt
scope
string
The scope of the access request. Defines what credentials or permissions are being requested. Example: openid
nonce
string
required
A unique string value used to associate a client session with an ID Token and to mitigate replay attacks. Example: 274e7465-cc9d-4cad-b75f-190db927e56a
response_type
string
The type of response expected. Currently only code is supported. Enum: code

Response

302 - Redirect

A redirect to the appropriate authorization entry point based on the client configuration:
  • DEEPLINK: Redirects to a same-device flow using an OID4VP deeplink
  • FRONTEND_V2: Redirects to the V2 login QR page at /api/v2/loginQR
Location
string
The redirect URL in the response header, pointing to the next step in the authorization flow.

400 - Bad Request

summary
string
Error summary message.
details
string
Detailed error description.

Examples

curl -X GET "https://verifier.example.com/api/v1/authorization?state=274e7465-cc9d-4cad-b75f-190db927e56a&client_id=packet-delivery-portal&redirect_uri=https://my-app.com/redirect&scope=openid&nonce=BfEte4DFdlmdO7a_fBiXTw&response_type=code" \
  -L

Common Errors

Missing Required Parameters: Ensure all required parameters (state, nonce) are provided. Missing parameters will result in a 400 Bad Request error.
Error Code | Summary | Details
400 | no_state_provided | Authentication requires a state provided as query parameter.
400 | no_client_id_provided | Authentication requires a client-id provided as a parameter.
400 | no_scope_provided | Authentication requires a scope provided as a parameter.
400 | no_nonce_provided | Authentication requires a nonce provided as a query parameter.
400 | invalid_response_type | Authentication requires the response_type to be code.
500 | unresolvable_request_object | Was not able to get the request object from the client.
500 | invalid_audience | Audience of the request object was invalid.

Implementation Notes

  • The endpoint supports two authorization types configured per client:
    • DEEPLINK: Initiates a same-device flow with OID4VP protocol
    • FRONTEND_V2: Redirects to the QR code presentation page
  • When using request_uri, the endpoint will fetch the JWT request object and extract parameters from it. The request object’s audience must include the verifier’s host.
  • The protocol (http/https) is automatically detected from the incoming request.
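
Client-side handling of state, nonce and the request object audience, as an added example (not code from this documentation or the verifier project). It assumes the callback carries the standard OAuth 2.0 code and state query parameters and that the audience check compares host names; the in-memory store and all function names are hypothetical.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: base URL taken from the page's sample curl call.
VERIFIER = "https://verifier.example.com"
_pending = {}  # hypothetical in-memory session store: state -> nonce


def build_authorization_url(client_id, redirect_uri, scope="openid"):
    """Return (url, state, nonce) for GET /api/v1/authorization."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    nonce = secrets.token_urlsafe(32)  # later compared with the ID Token nonce
    _pending[state] = nonce
    query = urlencode({                # percent-encodes redirect_uri
        "state": state,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "nonce": nonce,
        "response_type": "code",       # the only supported value
    })
    return f"{VERIFIER}/api/v1/authorization?{query}", state, nonce


def handle_callback(callback_url):
    """Return (code, nonce) if state matches a pending login, else raise."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    nonce = _pending.pop(returned, None)  # single use: a replayed callback fails
    if nonce is None:
        raise ValueError("unknown or already used state")
    return params.get("code", [""])[0], nonce


def audience_includes_verifier(claims, verifier_url=VERIFIER):
    """Check that a request object's aud (string or list) names the verifier host."""
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    host = urlsplit(verifier_url).netloc
    return any(a == host or urlsplit(a).netloc == host for a in aud)
```

Running audience_includes_verifier on the claims before publishing a request object at request_uri catches the condition that the endpoint reports as invalid_audience.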
