authorize
This is the browser URL to redirect an end user to in order to acquire the user’s consent for your app to access the specified resources.
Note: You do not call this URL directly in your server code. See the Get a 3-Legged Token with Authorization Code Grant and Get a 3-Legged Token with Implicit Grant tutorials for more information on how to use this endpoint.
Resource Information
Method and URI | GET https://developer.api.autodesk.com/authentication/v1/authorize |
Rate Limit | 500 calls per minute |
Request
Query String Parameters
client_id* string | Client ID of the app |
response_type* string | The value MUST be either code for authorization code grant flow or token for implicit grant flow. |
redirect_uri* string | URL-encoded callback URL that the end user will be redirected to after completing the authorization flow, which can include query parameters and any other valid URL construct. Note: This must match the pattern of the callback URL field of the app’s registration in the My Apps section. The pattern may include wildcards after the hostname, allowing different redirect_uri values to be specified in different parts of your app. |
scope string | A URL-encoded, space-separated list of requested scopes. Note: A URL-encoded space is %20. * See the Scopes page for more information on when scopes are required. |
state string | A URL-encoded payload containing arbitrary data that the authentication flow will pass back verbatim in a state query parameter to the callback URL |
prompt string | The value MUST be login. When this query parameter is included in the URL, the application prompts the user for authentication every time. |
Response
The response is an HTML payload consisting of the authorization flow for the end user.
Example 1
An HTML Link in a Web App for Authorization Code Grant
Request
<a href="https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id=obQDn8P0GanGFQha4ngKKVWcxwyvFAGE&redirect_uri=http%3A%2F%2Fsampleapp.com%2Foauth%2Fcallback%3Ffoo%3Dbar&scope=data:read">Click here to grant access to your data!</a>
That href attribute is a bit difficult to read. Let’s break it down:
https://developer.api.autodesk.com/authentication/v1/authorize
This is the endpoint URI and should be used verbatim.
response_type=code
This is what tells the OAuth server that you’re using the “Authorization Code” grant type and should be used verbatim.
client_id=obQDn8P0GanGFQha4ngKKVWcxwyvFAGE
Replace the value here with your app’s client ID.
redirect_uri=http%3A%2F%2Fsampleapp.com%2Foauth%2Fcallback%3Ffoo%3Dbar
This is the URL-encoded callback URL you want the user redirected to after they grant consent. In this example, that URL is http://sampleapp.com/oauth/callback?foo=bar. Replace the value here with the appropriate URL for your web app. Note that it must match the pattern specified for the callback URL in your app’s registration in the Forge portal.
scope=data:read
This requests the data:read scope. You can leave this value as it is for the purpose of this example, but in your own app, you should request one or more scopes you actually need. If you need to include multiple scopes, you can include them all as space-delimited items. For example: scope=data:create%20data:read%20data:write includes data:read, data:write, and data:create scopes.
Clicking on this link will take the user to the OAuth consent page, and when consent has been granted, the user will be redirected back to your callback URL (redirect_uri) with an additional code query parameter that contains the authorization code: http://sampleapp.com/oauth/callback?foo=bar&code=wroM1vFA4E-Aj241-quh_LVjm7UldawnNgYEHQ8I
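The link in Example 1 omits the optional state parameter, which the endpoint passes back verbatim and which lets the callback handler confirm that the redirect belongs to an authorization request this session started. The following is an added example, not part of the original documentation: the function names, the session dict (a stand-in for a server-side session store) and the sample client ID and code values are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://developer.api.autodesk.com/authentication/v1/authorize"


def build_authorize_url(client_id, redirect_uri, scopes, session):
    """Return the authorize URL and store a fresh state value in the session."""
    state = secrets.token_urlsafe(32)   # unguessable, one per authorization attempt
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,   # percent-encoded by urlencode() below
        "scope": " ".join(scopes),      # space-separated; the space becomes %20
        "state": state,
    }
    # quote_via=quote encodes spaces as %20 rather than "+".
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def read_callback(callback_url, session):
    """Return the authorization code, or raise ValueError if state does not match."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: consumed either way
    received = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state missing or mismatched; discard this callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    session = {}  # hypothetical stand-in for the user's server-side session
    print(build_authorize_url("YOUR_CLIENT_ID",
                              "http://sampleapp.com/oauth/callback?foo=bar",
                              ["data:read", "data:write"], session))
    # Constructed callback URL, shaped like the redirect described above.
    callback = ("http://sampleapp.com/oauth/callback?foo=bar"
                "&code=SAMPLE_CODE&state=" + session["oauth_state"])
    print(read_callback(callback, session))
```
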
Example 2
An HTML Link in a Web App for Implicit Grant
Request
<a href="https://developer.api.autodesk.com/authentication/v1/authorize?response_type=token&client_id=obQDn8P0GanGFQha4ngKKVWcxwyvFAGE&redirect_uri=http%3A%2F%2Fsampleapp.com%2Foauth2%2Fcallback&scope=data:read">Click here to grant access to your data!</a>
That href attribute is a bit difficult to read. Let’s break it down:
https://developer.api.autodesk.com/authentication/v1/authorize
This is the endpoint URI and should be used verbatim.
response_type=token
This is what tells the OAuth server that you’re using the Implicit grant type and should be used verbatim.
client_id=obQDn8P0GanGFQha4ngKKVWcxwyvFAGE
Replace the value here with your app’s client ID.
redirect_uri=http%3A%2F%2Fsampleapp.com%2Foauth2%2Fcallback
This is the URL-encoded callback URL you want the user redirected to after they grant consent. In this example, that URL is http://sampleapp.com/oauth/callback. Replace the value here with the appropriate URL for your web app. Note that it must match the pattern specified for the callback URL in your app’s registration in the Forge portal.
scope=data:read
This requests the data:read scope. You can leave this value as it is for the purpose of this example, but in your own app, you should request one or more scopes you actually need. If you need to include multiple scopes, you can include them all as space-delimited items. For example: scope=data:create%20data:read%20data:write includes data:read, data:write, and data:create scopes.
Clicking on this link will take the user to the OAuth consent page, and when consent has been granted, the user will be redirected back to your callback URL (redirect_uri) with an additional access_token query parameter that contains the access token: http://sampleapp.com/oauth/callback?foo=bar&access_token=wroM1vFA4E-Aj241-quh_LVjm7UldawnNgYEHQ8I