Initiating Authentication
To initiate the authentication process, your application needs to redirect the user to the FuturePass authorization endpoint.
Steps:
1. Generate Code Verifier and Challenge: Use PKCE (Proof Key for Code Exchange) to enhance security.
2. Generate State and Nonce: These are used to prevent CSRF attacks and replay attacks, respectively.
3. Build Authorization URL: Include required parameters such as `response_type`, `client_id`, `redirect_uri`, `scope`, `code_challenge`, `code_challenge_method`, `state`, and `nonce`.
Example Authorization URL:
Authorization Request Parameters
Parameter | Description |
---|---|
`response_type` | Specifies the type of response. For authorization code flow, use |
`client_id` | The client ID you obtained during client registration. |
`redirect_uri` | The URI to which the response will be sent. It must match the redirect URI registered with the client. |
`scope` | A space-separated list of scopes. Use |
`code_challenge` | The PKCE code challenge. |
`code_challenge_method` | The method used to generate the code challenge. Use |
`state` | A random string to maintain state between the request and callback. Helps prevent CSRF attacks. |
`nonce` | A random string to associate with the ID token. Helps prevent replay attacks. |
| Specifies how the result should be returned. For this example, use |
| Specifies whether the user should be prompted for reauthentication. |
Example Authorization Request URL