Authorization endpoint
Endpoint URL: GET /oauth2/authorize
This endpoint handles the request made after the user clicks the "login by Onet Konto" button; you will have to configure its query parameters.
After visiting this URL, users are redirected to the SSO domain, which checks whether they are logged in to Onet Konto. If they are logged in, they are redirected directly to the redirect_uri specified when registering your service in Onet Konto.
If not, they first see a login form and are then redirected.
Request
$ curl --location --request GET 'https://connect.okonto.pl/oauth2/authorize?client_id=www.example.com.front.onetapi.pl&response_type=code&redirect_uri=http://www.example.com/callback&state=hello'
Parameters:
- client_id - unique identifier of your service
- response_type - value must be set to code
- redirect_uri - value you provided when registering service
- (optional) state - value shared between requests
Note
If state is present, it will be added to your redirect_uri.
You can use it, for example, to remember the exact webpage URL before redirection.
Response
GET http://www.example.com/callback?code=11fcb623bd60dc516693e44c9da9efc6ffb2debc0add36ec6d510d9f7522b506cs&state=hello
The authorization endpoint redirects the user's browser to the endpoint specified as redirect_uri.
Remember that the redirect_uri you provided when registering your service and the redirect_uri given as a parameter in the authorization request should match.
In your app you will need to create a handler for redirect_uri. In the query string parameters you will receive code and state.
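One way to write the redirect_uri handler, added here as an example and not taken from the Onet Konto documentation: each login gets a random, single-use state that the callback must echo back, and the page to return to is kept in the server-side session as a same-site path rather than trusted from the query string. The session dict and the function names are assumptions; the endpoint URL and client values are the samples shown on this page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://connect.okonto.pl/oauth2/authorize"  # from this page
CLIENT_ID = "www.example.com.front.onetapi.pl"                # sample value from this page
REDIRECT_URI = "http://www.example.com/callback"              # sample value from this page


def safe_return_path(path):
    """Accept only same-site absolute paths; anything else falls back to '/'."""
    if not path.startswith("/") or path.startswith("//"):
        return "/"
    if any(c in path for c in "\\\r\n\t"):  # characters browsers normalise or strip
        return "/"
    return path


def begin_login(session, return_path):
    """Build the authorization URL; remember state and return path in the session.

    `session` is assumed to be a per-user, server-side dict-like store.
    """
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    session["oauth_return"] = safe_return_path(return_path)
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Validate a request to redirect_uri; return (code, return_path) or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: a replayed callback fails
    return_path = session.pop("oauth_return", "/")
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state missing or does not match this session")
    if "code" not in params:                      # e.g. an error redirect without a code
        raise ValueError("callback carries no authorization code")
    return params["code"][0], return_path
```
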
Errors handling
The endpoint returns errors in two ways, depending on the problem encountered:
- If no client_id is given, or client_id is wrong, or the redirect_uri parameter given in the request does not match the redirect URI specified when registering the service, 400 BAD_REQUEST will be returned.
- If client_id and redirect_uri are valid, 302 FOUND will be returned and errors will be added as query parameters to redirect_uri with the following messages:
  - invalid_response_type - when response_type is different than code