Authorization

Description

Redirects the user to Ellipsis Drive to give authorization.

Endpoint

/oauth/authorize

Method

GET

Parameters

Name
Description
Required

response_type

Must be "code" to emphasize that the authorization code grant type is used.

client_id

The client id given during the client registration.

redirect_uri

The location to which to redirect the user after the completion of the authorization. This redirect location must exactly match one of the registered redirect uri's. If only one redirect uri is registered this argument becomes optional and the only exisiting redirect uri will be used as default.

false

scope

A string seperated list of the requested scopes. Currently "projects" is both the default and only supported scope, which allows the use of all API calls except those in /settings/account.

false

state

A random string used by the client to avoid CSRF attacks.

false

code_challenge

The code challenge of the PKCE. If this argument is omitted PKCE will not be used.

false

code_challenge_method

The method used to transform the code verifier to the code challenge. Required if a code challenge is given. Must be one of 'plain' or 'S256'. Defaults to 'plain' when a code challenge is given.

false

This call will redirect the user to the Ellipsis Drive authorization page for the authorization of the requested scope. If the authorization is completed successfully the user is redirected to the redirect URI with query parameters code, containing an authorization code that is valid for 1 minute, and state (if supplied in the request) that should be checked to avoid CSRF attacks. Alternatively, if an error occurs during the authorization the user is redirected to the given redirect URI if possible, with query parameters error, error_description and state describing why the process failed (e.g. error='access_denied', error_description='The user has refused access.').

Last updated