### Install OpenID Connect PHP Library Source: https://docs.idura.app/verify/integrations/PHP Instructions for installing the required OpenID Connect client library using Composer and including the autoloader in your PHP project. ```bash composer require jumbojett/openid-connect-php ``` ```php require __DIR__ . '/vendor/autoload.php'; ``` -------------------------------- ### Install Idura Verify React SDK Source: https://docs.idura.app/verify/integrations/react Installs the necessary npm package to enable Idura Verify authentication features in a React project. ```bash npm install @criipto/verify-react ``` -------------------------------- ### Initiate Implicit Flow Authentication Request Source: https://docs.idura.app/verify/getting-started/oidc-intro This example shows a GET request to initiate the Implicit Flow for authentication. It requests an `id_token` directly, with the response mode set to 'fragment'. This flow is supported but not recommended due to security considerations. ```HTTP GET https://YOUR_SUBDOMAIN.idura.broker/oauth2/authorize? response_type=id_token& response_mode=fragment& client_id=CLIENT_ID& redirect_uri=YOUR_RETURN_URL& acr_values=CHOSEN_IDENTITY_SERVICE& scope=openid& state=YOUR_STATE ``` -------------------------------- ### Initiate PKCE Authentication Request Source: https://docs.idura.app/verify/getting-started/oidc-intro This snippet illustrates an example GET request to initiate the OAuth2 authorization flow with PKCE. It includes parameters like client ID, redirect URI, scope, and PKCE-specific parameters such as code challenge and method. This request is made from the client to the authorization server. ```HTTP GET https://YOUR_SUBDOMAIN.idura.broker/oauth2/authorize? response_type=code& response_mode=query& client_id=CLIENT_ID& redirect_uri=YOUR_RETURN_URL& acr_values=CHOSEN_IDENTITY_SERVICE& scope=openid& state=YOUR_STATE& code_challenge=YOUR_CODE_CHALLENGE& code_challenge_method=S256 ``` -------------------------------- ### Install Idura Signatures SDK for .NET Source: https://docs.idura.app/signatures/integrations/csharp Install the Idura Signatures SDK using either the Package Manager Console or the dotnet CLI. This SDK is compatible with netstandard2.0 and later versions of .NET. ```powershell Install-Package Criipto.Signatures ``` ```bash dotnet add package Criipto.Signatures ``` -------------------------------- ### Install Idura Auth SDK Source: https://docs.idura.app/verify/integrations/javascript Methods to include the Idura Auth library in your project. You can either load the script directly via unpkg or install the package using npm. ```html ``` ```bash npm install --save @criipto/auth-js ``` -------------------------------- ### Configure Callback URL Source: https://docs.idura.app/verify/integrations/vuejs Example of a local development callback URL used for redirecting users after successful authentication. ```text http://localhost:5173 ``` -------------------------------- ### Install Idura Verify SDK Source: https://docs.idura.app/verify/integrations/nodejs-express Command to install the required Idura Verify Express package via npm. ```bash npm install @criipto/verify-express ``` -------------------------------- ### Install ASP.NET Core Authentication Dependencies Source: https://docs.idura.app/verify/integrations/aspnet-core-v3 Commands to install the necessary NuGet packages for Cookie and OpenID Connect authentication in an ASP.NET Core project. These packages are required to handle user authentication sessions and OIDC communication. ```bash dotnet add package Microsoft.AspNetCore.Authentication.Cookies dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect ``` -------------------------------- ### Install OIDC Dependency Source: https://docs.idura.app/verify/integrations/aspnet-core-v6 Command to install the required Microsoft OpenID Connect authentication handler package for ASP.NET Core. ```bash dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect ``` -------------------------------- ### Query Example Source: https://docs.idura.app/signatures/webhooks/events An example demonstrating how to query or structure a request related to webhook events. ```APIDOC ## Query Example This section provides an example of a query that might be used in conjunction with webhook events or related API calls. ### Method GET ### Endpoint `/example/query` ### Query Parameters * **eventType** (string) - Optional - The type of webhook event to filter by. * **orderId** (string) - Optional - The ID of the signature order to filter by. ### Request Example ``` GET /example/query?eventType=SIGNATORY_SIGNED&orderId=abc-123 ``` ### Response #### Success Response (200) * **data** (array) - A list of relevant records matching the query. * **count** (integer) - The total number of records found. ``` -------------------------------- ### Install Idura Verify SDK Source: https://docs.idura.app/verify/integrations/vuejs Installs the required @criipto/auth-js package to enable OpenID Connect authentication flows in your JavaScript or Vue.js project. ```bash npm install --save @criipto/auth-js ``` -------------------------------- ### GET /authorize Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Abankid%3Aanother-device%3Aqr&action=approve&message=Transfer+EUR+100+to+IBAN+DK123456781234 Initiates the OpenID Connect authentication flow by redirecting the user to the Idura Verify authorization server. ```APIDOC ## GET /authorize ### Description Initiates the authentication process. This endpoint redirects the user to the Idura Verify login page to authenticate via their chosen eID. ### Method GET ### Endpoint https://{domain}/oauth2/authorize ### Parameters #### Query Parameters - **client_id** (string) - Required - The unique identifier for your application. - **redirect_uri** (string) - Required - The URL where the user is redirected after authentication. - **response_type** (string) - Required - Must be 'code' (recommended) or 'id_token'. - **scope** (string) - Required - OIDC scopes (e.g., 'openid'). - **nonce** (string) - Required - A cryptographically strong value to prevent replay attacks. - **state** (string) - Optional - An opaque value used to maintain state between the request and callback. - **login_hint** (string) - Optional - Used for prefilling values or triggering specific eID features. ### Request Example GET /oauth2/authorize?client_id=my-client-id&redirect_uri=https://myapp.com/callback&response_type=code&scope=openid&nonce=random_string ### Response #### Success Response (302) - **Location** (header) - Redirects the user to the Idura Verify login page. #### Response Example HTTP/1.1 302 Found Location: https://{domain}/login?... ``` -------------------------------- ### Authorization Code Flow Example Response Source: https://docs.idura.app/verify/getting-started/oidc-intro An example HTTP 302 Found response for the Authorization Code Flow. This response redirects the user's browser to the specified redirect_uri with the authorization code and state as query parameters, indicating a successful authentication initiation. ```http HTTP/1.1 302 Found Location: YOUR_RETURN_URL?code=AUTHORIZATION_CODE&state=YOUR_STATE ``` -------------------------------- ### GET /authorize Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Abankid&nonVisibleData=Not+visible+to+end+user Initiates the OpenID Connect authentication flow by redirecting the user to the Idura Verify authorization endpoint. ```APIDOC ## GET /authorize ### Description Initiates the OAuth 2.0 / OpenID Connect authorization flow. This endpoint redirects the user to the Idura Verify login page for the specified eID. ### Method GET ### Endpoint https://{domain}/oauth2/authorize ### Parameters #### Query Parameters - **client_id** (string) - Required - The unique identifier for your application (realm). - **redirect_uri** (string) - Required - The URL where the user will be redirected after authentication. - **response_type** (string) - Required - The type of response (e.g., 'code' for authorization code flow). - **response_mode** (string) - Optional - How the result is returned (e.g., 'query' or 'fragment'). - **nonce** (string) - Required - A cryptographically strong string to prevent replay attacks. - **state** (string) - Optional - An opaque value used to maintain state between the request and callback. - **login_hint** (string) - Optional - Used for prefilling values or triggering specific eID features. ### Request Example GET /oauth2/authorize?client_id=my-client-id&redirect_uri=https://myapp.com/callback&response_type=code&nonce=random_string ### Response #### Success Response (302) - **Location** (string) - Redirects the user to the Idura Verify login interface. #### Response Example HTTP/1.1 302 Found Location: https://{domain}/login?... ``` -------------------------------- ### GET /oauth2/authorize Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Abankid&action=sign&message=Vendor%3A%0A%0A%23%23+Cool+Delivery%0A%0AAmount%3A%0A%0A%23%23+300+EUR%0A%0A---%0A%0AI+approve+this+transaction. Initiates the authentication flow with specific eID providers and optional transaction parameters. ```APIDOC ## GET /oauth2/authorize ### Description Initiates an OIDC authorization request. Supports selecting specific eID providers via `acr_values` and passing transaction-specific data via `login_hint` or path segments. ### Method GET ### Endpoint /oauth2/authorize ### Parameters #### Query Parameters - **scope** (string) - Required - Must include 'openid' - **client_id** (string) - Required - Your Idura client identifier - **redirect_uri** (string) - Required - The URI to redirect to after authentication - **response_type** (string) - Required - e.g., 'id_token' - **acr_values** (string) - Optional - The URN of the specific eID provider (e.g., urn:grn:authn:se:bankid) - **login_hint** (string) - Optional - Used to pass actions or messages (base64 encoded) for specific integrations ### Request Example https://criipto-verify-prod.criipto.id/oauth2/authorize?scope=openid&client_id=urn:criipto:dev&redirect_uri=https://jwt.io&response_type=id_token&acr_values=urn:grn:authn:se:bankid&login_hint=action:sign%20message:VmVuZG9yOgoKIyMgQ29vbCBEZWxpdmVyeQoKQW1vdW50OgoKIyMgMzAwIEVVUgoKLS0tCgpJIGFwcHJvdmUgdGhpcyB0cmFuc2FjdGlvbi4= ### Response #### Success Response (302) - **Redirect** - Redirects the user to the selected eID provider's login page. ``` -------------------------------- ### Example JWKS Configuration Source: https://docs.idura.app/verify/e-ids/finnish-trust-network A sample JSON Web Key Set (JWKS) format containing both an encryption key (use: enc) and a signing key (use: sig) for OIDC integration. ```json { "keys": [ { "kty": "RSA", "use": "enc", "kid": "E1F0D80A379B4F9C8EE7043875345265", "e": "AQAB", "n": "zwEbepsvbT4TpZNecCtmJnMhALAH0sqlpllZdkI6AsRGou_cxakr8b8HKjjYWiyb-RJzbScGxBLPVK4k9RcEOL3PxoGoSIABEE1-NinDoiTYaSRIYwd7N914vWSGgfs7ctMy7vYRXmTBoc_NuLQkl79Fu2tFjXbLyAgGfnePkZUrFJqCXwCB553QYXJ0Lw4B8P8MFjy80YShI1wBQmCfj5BpZbACN5u5-84233KTHqYIkGOTrF4FZwVRvAkNutjiwMIzwKYGRj2qjdmelmqDlgiPre5UP8Cfnl7Urm411JhueWo7mrvJAcwHMpcyE4Rsuyhm93bv0hBDe5ddt-r4cw" }, { "kty": "RSA", "use": "sig", "kid": "08E538B6D3B346A8B61322A4FAFB35CC", "e": "AQAB", "n": "0TGwj4SywrEU3IYBBm-HlxyI7zKQkjM6Y4PEZNNBmoIFk4kU8J5xVNkbkqnv_SwKrKJD3JbYK18zLvyu05xVDxXEZR8FkipGaXisGOuXuo_A8Gswe_-LLYfN3N-bpcID9E8FnSq6todIO8umD50W9VdGSoO_WxBiffnpnpXDihTuGSLLSdhWz6vz7-VY_Uphv6V87FfqU0OaMGLi7InsZlMSlquvb8LthOm22YvuiRkgkX1cMjW-uaWva7AMQJ6eKbOKRADnMGNjwlUOJkPsqUbCUGuMvNFwqh9JQCBHEvnwGz8Lmt8hNaK0uQ0nT3l2PFZ5_LsH9JrpxqCmD2LHeQ" } ] } ``` -------------------------------- ### Authorization Code Flow Example Request Source: https://docs.idura.app/verify/getting-started/oidc-intro An example GET request for the Authorization Code Flow in Idura. This request is used to obtain an authorization code, which is then exchanged for an access token. It includes parameters such as response_type, response_mode, client_id, redirect_uri, acr_values, scope, and state. ```http GET https://YOUR_SUBDOMAIN.idura.broker/oauth2/authorize? response_type=code& response_mode=query& client_id=CLIENT_ID& redirect_uri=YOUR_RETURN_URL& acr_values=CHOSEN_IDENTITY_SERVICE& scope=openid& state=YOUR_STATE ``` -------------------------------- ### Install Idura Signatures SDK for Node.js Source: https://docs.idura.app/signatures/integrations/nodejs Install the Idura Signatures SDK using npm or yarn. This SDK is required to interact with the Idura Signatures API in your Node.js application. It supports Node.js version 16 and later. ```bash npm install --save @criipto/signatures yarn add @criipto/signatures ``` -------------------------------- ### Modify Startup.cs for .NET Core 3.1 Source: https://docs.idura.app/verify/integrations/aspnet-core-v3 Updates the Startup.cs file to align with .NET Core 3.1 conventions. This includes removing `SetCompatibilityVersion`, updating environment types, adding routing and authorization middleware, and replacing `UseMvc` with `UseEndpoints`. ```csharp using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; public class Startup { public void ConfigureServices(IServiceCollection services) { services.AddMvc(); } public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(routes => { routes.MapControllerRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); } } ``` -------------------------------- ### GET /auth/userinfo (JWT Example) Source: https://docs.idura.app/verify/e-ids/vipps-mobilepay Represents the structure of the JWT/Token returned after a successful authentication via Idura Verify, containing user identity claims. ```APIDOC ## GET /auth/userinfo ### Description Returns the identity claims for an authenticated user. This endpoint provides the standard OpenID Connect claims along with specific eID metadata. ### Method GET ### Endpoint /auth/userinfo ### Response #### Success Response (200) - **identityscheme** (string) - The eID used to authenticate. - **sub** (string) - Persistent pseudonym uniquely identifying the user. - **address** (object) - Standard OIDC address claim. - **birthdate** (string) - User birthdate in YYYY-MM-DD format. - **emailaddress** (string) - User email address. - **mobilephone** (string) - User phone number. - **socialno** (string) - Social security number. - **given_name** (string) - User first name. - **family_name** (string) - User last name. #### Response Example { "identityscheme": "novippslogin", "sub": "{75dca599-1ad7-4a09-81c0-92d424b82fbc}", "emailaddress": "mikkel@idura.com", "given_name": "Mikkel", "family_name": "Larsen" } ``` -------------------------------- ### Ordering Norwegian BankID Client Credentials Source: https://docs.idura.app/verify/e-ids/norwegian-bankid To enable real user transactions with Norwegian BankID, you must obtain client credentials (client ID and client secret) from Bidbax. Prerequisites include being a customer of a Norwegian Bank, possessing a valid personal eID, and completing the 'Get ready for production' guide. ```APIDOC ## Ordering Process for Norwegian BankID ### Description This section outlines the process and prerequisites for ordering Norwegian BankID client credentials (client ID and client secret) from Bidbax, which is necessary to accept real users. ### Prerequisites - Your company must be a customer of a Norwegian Bank. - The individual signing the contract must possess one of the following personal eIDs: Norwegian BankID, Swedish BankID, or Danish MitID. - You must have completed step 4 of the 'Get ready for production' guide, including providing the production domain. **Note:** The BankID OIDC Biometrics option is always included in the basis agreement. ``` -------------------------------- ### Enable OpenID Connect Middleware in Startup.cs Source: https://docs.idura.app/verify/integrations/aspnet-core-v3 Configures the ASP.NET Core application to use OpenID Connect authentication. This involves calling UseAuthentication and UseAuthorization in the Configure method, ensuring they are placed after UseRouting. ```csharp public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Home/Error"); // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts(); } app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseCookiePolicy(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(routes => { routes.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}"); }); } ``` -------------------------------- ### Initialize Idura Auth SDK Source: https://docs.idura.app/verify/integrations/javascript Initialize the CriiptoAuth client with your domain and client ID. This setup supports both global variable access from CDN and module imports from npm. ```javascript // Global usage var criiptoAuth = new CriiptoAuth({ domain: '{{YOUR_IDURA_DOMAIN}}', clientID: '{{YOUR_CLIENT_ID}}', store: sessionStorage, }); ``` ```javascript // Module import import CriiptoAuth from '@criipto/auth-js'; var criiptoAuth = new CriiptoAuth({ domain: '{{YOUR_IDURA_DOMAIN}}', clientID: '{{YOUR_CLIENT_ID}}', store: sessionStorage, }); ``` -------------------------------- ### Handle Callback and Decrypt JWE Source: https://docs.idura.app/verify/e-ids/finnish-trust-network Initializes the OIDC configuration and prepares the callback route to handle the code exchange. This snippet demonstrates the setup required to eventually decrypt the JWE using the private key. ```javascript import * as jose from 'jose'; import { OpenIDConfigurationManager, codeExchange } from '@criipto/oidc'; const jwks = jose.createRemoteJWKSet(new URL(`https://${IDURA_DOMAIN}/.well-known/jwks`)); const configurationManager = new OpenIDConfigurationManager( `https://${IDURA_DOMAIN}/.well-known/openid-configuration`, ); app.get('/callback', async (req, res) => { const { code } = req.query; try { const configuration = await configurationManager.fetch(); const clientAssertion = 'YOUR_CLIENT_ASSERTION_JWT'; // 1. Perform the code exchange at Idura's token endpoint. // This step retrieves the ID Token, which for FTN will be encrypted (JWE). } ``` -------------------------------- ### Configure OIDC Middleware in ASP.NET Core Source: https://docs.idura.app/verify/integrations/aspnet-core-v6 Configuration files for setting up Idura Verify credentials and OIDC middleware. Includes appsettings.json for configuration values and Program.cs for service registration. ```json { "Idura": { "Domain": "{{YOUR_IDURA_DOMAIN}}", "ClientId": "{{YOUR_CLIENT_ID}}", "ClientSecret": "YOUR_CLIENT_SECRET" } } ``` ```csharp builder.Services.Configure(options => { options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.None; }); builder.Services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() .AddOpenIdConnect(options => { options.ClientId = builder.Configuration["Idura:ClientId"]; options.ClientSecret = builder.Configuration["Idura:ClientSecret"]; options.Authority = $"https://{builder.Configuration["Idura:Domain"]}/"; options.ResponseType = "code"; options.CallbackPath = new PathString("/callback"); options.SignedOutCallbackPath = new PathString("/signout"); }); ``` -------------------------------- ### Install Idura Signatures Python SDK Source: https://docs.idura.app/signatures/integrations/python Installs the Idura Signatures SDK for Python 3.13 and later using pip. It also adds the package to a virtual environment if one is active. ```bash python3 -m pip install criipto-signatures uv add criipto-signatures ``` -------------------------------- ### Requesting Business Logins via OIDC Source: https://docs.idura.app/verify/e-ids/danish-mitid-erhverv Demonstrates how to trigger a business-context login flow using acr_values or login_hint parameters in the authorize request. ```text acr_values: urn:grn:authn:dk:mitid:business login_hint=business login_hint=business_optional ``` -------------------------------- ### POST /oauth2/authorize Example Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Afrejaid&frejaAction=sign_advanced&message=Test+advanced+signature+flow&title=Advanced+signature An example of how to construct the authorization URL for initiating an authentication flow, including scopes, client ID, redirect URI, response type, response mode, nonce, acr_values, and login_hint with signature flow parameters. ```APIDOC ## POST /oauth2/authorize Example ### Description This example demonstrates how to construct the authorization URL to initiate an authentication flow with specific parameters, including signature flow details. ### Endpoint `https://criipto-verify-prod.criipto.id/oauth2/authorize` ### Query Parameters - **`scope`** (string) - `openid` - **`client_id`** (string) - `urn:criipto:dev` - **`redirect_uri`** (string) - `https://jwt.io` - **`response_type`** (string) - `id_token` - **`response_mode`** (string) - `fragment` - **`nonce`** (string) - `ecnon-fb8b8b2e-2eb2-4a7e-ba2c-eba832ed395d` - **`acr_values`** (string) - `urn:grn:authn:se:frejaid` - **`login_hint`** (string) - `action:sign_advanced title:QWR2YW5jZWQgc2lnbmF0dXJl message:VGVzdCBhZHZhbmNlZCBzaWduYXR1cmUgZmxvdw==` ### Request Example ``` https://criipto-verify-prod.criipto.id/oauth2/authorize?scope=openid&client_id=urn:criipto:dev&redirect_uri=https://jwt.io&response_type=id_token&response_mode=fragment&nonce=ecnon-fb8b8b2e-2eb2-4a7e-ba2c-eba832ed395d&acr_values=urn:grn:authn:se:frejaid&login_hint=action:sign_advanced title:QWR2YW5jZWQgc2lnbmF0dXJl message:VGVzdCBhZHZhbmNlZCBzaWduYXR1cmUgZmxvdw== ``` ``` -------------------------------- ### Configure OpenID Connect Middleware in ASP.NET Core Source: https://docs.idura.app/verify/integrations/aspnet-core-v3 Configures authentication services in the Startup class, including cookie policy and OpenID Connect settings. It demonstrates how to dynamically set ACR values via query parameters to control the authentication flow. ```csharp public void ConfigureServices(IServiceCollection services) { services.Configure(options => { options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.None; }); services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() .AddOpenIdConnect(options => { options.ClientId = Configuration["Idura:ClientId"]; options.ClientSecret = Configuration["Idura:ClientSecret"]; options.Authority = $"https://{Configuration["Idura:Domain"]}/"; options.ResponseType = "code"; options.CallbackPath = new PathString("/callback"); options.SignedOutCallbackPath = new PathString("/signout"); options.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = context => { context.ProtocolMessage.AcrValues = context.Request.Query["loginmethod"]; return Task.FromResult(0); } }; }); services.AddMvc(); } ``` -------------------------------- ### Initialize Idura SDK with Custom Callback URL (Kotlin) Source: https://docs.idura.app/verify/integrations/kotlin Demonstrates how to initialize the Idura SDK in Kotlin, specifying a custom redirect URI. This involves passing the custom URI string during the IduraVerify function call. ```kotlin IduraVerify( BuildConfig.IDURA_CLIENT_ID, BuildConfig.IDURA_DOMAIN, activity = activity, redirectUri = "https://${BuildConfig.IDURA_DOMAIN}/my/custom/callback".toUri(), ) ``` -------------------------------- ### GET /oauth2/authorize Source: https://docs.idura.app/verify/getting-started/oidc-intro Initiates the authentication flow by redirecting the user to the Idura identity service. ```APIDOC ## GET /oauth2/authorize ### Description Initiates the OAuth2 authorization flow. Users are redirected to the identity service to authenticate. ### Method GET ### Endpoint https://{YOUR_SUBDOMAIN}.idura.broker/oauth2/authorize ### Parameters #### Query Parameters - **response_type** (string) - Required - "code" or "id_token" - **client_id** (string) - Required - Your application client ID - **redirect_uri** (string) - Required - The URL to redirect to after authentication - **scope** (string) - Required - Usually "openid" - **state** (string) - Required - CSRF protection string - **code_challenge** (string) - Optional - Required for PKCE - **code_challenge_method** (string) - Optional - Required for PKCE (e.g., "S256") ### Response #### Success Response (302) - **Location** (string) - Redirects to the provided redirect_uri with code or token in the query/fragment. ```