© 2018 Capita Business Services Ltd. All rights reserved.

Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.

Authorisation Endpoint

The authorisation endpoint can be used to request either access tokens or authorisation codes (implicit and authorisation code flow). You can use a web browser or a web view to start the process.

Supported Parameters

  • client_id (required) - identifier of the client
  • scope (required) - one or more registered scopes
  • redirect_uri (required) - this must exactly match one of the allowed redirect URIs for that client
  • response_type (required):
    • code requests an authorisation code
    • token requests an access token (only resource scopes are allowed)
    • id_token token requests an identity token and an access token (both resource and identity scopes are allowed)
  • response_mode (optional) - form_post sends the token response as a form post instead of a fragment encoded redirect
  • state (recommended) - our authorisation server will echo back the state value on the token response; this is for correlating request and response
  • nonce (required for identity tokens using implicit flow) - our authorisation server will echo back the nonce value in the identity token; this is for correlating the token to the request
  • prompt (optional):
    • none no UI will be shown during the request. If this is not possible (e.g. because the user has to sign in or consent) an error is returned
    • login the login UI will be shown, even if the user is already signed-in and has a valid session
  • code_challenge (required when using proof keys) - sends the code challenge for proof key flows
  • code_challenge_method (optional - defaults to plain when using proof keys):
    • plain indicates that the challenge is using plain text (not recommended)
    • S256 indicates that the challenge is hashed with SHA256
  • login_hint (optional) - can be used to pre-fill the username field on the login page
  • ui_locales (optional) - gives a hint about the desired display language of the login UI
  • max_age (optional) - if the user’s logon session exceeds the max age (in seconds), the login UI will be shown
  • acr_values (optional) - allows additional authentication-related information to be passed to the user service; some values have special meaning:
    • idp:name_of_idp bypasses the login screen and forwards the user directly to the selected external identity provider if configured for the client. For example, using idp:Microsoft for configured clients will forward the user directly to Microsoft Account for external authentication into SIMS ID.

 

Example

(URL encoding removed for readability)

GET /connect/authorize?
client_id=client1&
scope=openid&
response_type=id_token token&
redirect_uri=https://myapp/callback&
state=abc&
nonce=xyz
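
The request above uses the implicit flow. As an added example (not SIMS ID or Capita code), the Python below builds the authorisation code variant with a proof key (code_challenge_method=S256) and a random state, then accepts the callback only if the echoed state matches. The host name is a placeholder, client1 and https://myapp/callback are the sample values from this page, and the code is assumed to arrive in the query string of the redirect.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder host (assumption); the path is the one documented on this page.
AUTHORIZE_URL = "https://auth.example.invalid/connect/authorize"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for proof keys."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """Derive code_challenge from the verifier for code_challenge_method=S256."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorize_request(client_id: str, redirect_uri: str, scope: str):
    """Return (url, session); session holds the secrets to keep on the client side."""
    session = {
        "state": _b64url(secrets.token_bytes(32)),
        "code_verifier": _b64url(secrets.token_bytes(32)),  # 43 characters
    }
    params = {
        "client_id": client_id,
        "scope": scope,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": session["state"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",  # never rely on the "plain" default
    }
    return AUTHORIZE_URL + "?" + urlencode(params), session


def code_from_callback(callback_url: str, session: dict) -> str:
    """Accept the authorisation code only if the echoed state matches ours."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0].encode("utf-8")
    if not hmac.compare_digest(returned, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in query:
        raise ValueError("no authorisation code in callback")
    return query["code"][0]
```

The code_verifier stays in the session and is sent only when the code is redeemed; the authorisation request carries just its SHA256 hash.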
