To initiate the authentication process, your application needs to redirect the user to the FuturePass authorization endpoint.
Steps:
response_type
, client_id
, redirect_uri
, scope
, code_challenge
, code_challenge_method
, state
, and nonce
.Example Authorization URL:
Authorization Request Parameters
Parameter | Description |
---|---|
response_type | Specifies the type of response. For authorization code flow, use code . |
client_id | The client ID you obtained during client registration. |
redirect_uri | The URI to which the response will be sent. It must match the redirect URI registered with the client. |
scope | A space-separated list of scopes. Use openid . |
code_challenge | The PKCE code challenge. |
code_challenge_method | The method used to generate the code challenge. Use S256 . |
state | A random string to maintain state between the request and callback. Helps prevent CSRF attacks. |
nonce | A random string to associate with the ID token. Helps prevent replay attacks. |
response_mode | Specifies how the result should be returned. For this example, use query . |
prompt | Specifies whether the user should be prompted for reauthentication. |
login_hint | email: , social:google , social:facebook |
Example Authorization Request URL
To initiate the authentication process, your application needs to redirect the user to the FuturePass authorization endpoint.
Steps:
response_type
, client_id
, redirect_uri
, scope
, code_challenge
, code_challenge_method
, state
, and nonce
.Example Authorization URL:
Authorization Request Parameters
Parameter | Description |
---|---|
response_type | Specifies the type of response. For authorization code flow, use code . |
client_id | The client ID you obtained during client registration. |
redirect_uri | The URI to which the response will be sent. It must match the redirect URI registered with the client. |
scope | A space-separated list of scopes. Use openid . |
code_challenge | The PKCE code challenge. |
code_challenge_method | The method used to generate the code challenge. Use S256 . |
state | A random string to maintain state between the request and callback. Helps prevent CSRF attacks. |
nonce | A random string to associate with the ID token. Helps prevent replay attacks. |
response_mode | Specifies how the result should be returned. For this example, use query . |
prompt | Specifies whether the user should be prompted for reauthentication. |
login_hint | email: , social:google , social:facebook |
Example Authorization Request URL