API ReferenceApplications
POST
/oauth2/v1/{project_id}/authorize

Path Parameters

project_id*string

Request Body

application/json

response_type?string

response_type, scope and state are required for OIDC but marked optional so a PAR client may omit them from the outer authorize request and carry them via request_uri (RFC 9126 §4). The resolved values are enforced in OIDCService.OIDCAuthZEndpointStart (after applyPARToOIDCAuthZRequest): response_type and state must be present, scope must contain "openid". The PAR push (handleOIDCPAR) requires the same fields up front for fail-fast.

scope?string
client_id?string
state?string
redirect_uri?string
code_challenge_method?string

PKCE

code_challenge?string
dynamic_val?string
nonce?string
ssoAppId?string
loginHint?string
prompt?string
flow?string
flow_token?string
tenant?string
style?string
dpop_jkt?string
request_uri?string
project_id?string

OIDC POST authorization endpoint start (by projectId, for an imported client_id)

curl -X POST "https://api.descope.com/oauth2/v1/string/authorize" \  -H "Content-Type: application/json" \  -d '{}'
{}
export interface Response {}
Was this helpful?

OIDC Authorize GET

OIDC GET authorization endpoint start (by projectId, for an imported client_id)

OIDC Device POST

OIDC device endpoint (by projectId, for an imported client_id)