Skip to main content

Finalize an Auth Request and get the callback URL.

Finalize an Auth Request and get the callback URL for success or failure. The user must be redirected to the URL in order to inform the application about the success or failure. On success, the URL contains details for the application to obtain the tokens. This method can only be called once for an Auth request.

Path Parameters
    authRequestId string required

    Set this field when the authorization flow failed. It creates a callback URL to the application, with the error details set.

Request Body required
    session object
    sessionId string

    Possible values: non-empty and <= 200 characters

    ID of the session, used to login the user. Connects the session to the Auth Request.

    sessionToken string

    Possible values: non-empty and <= 200 characters

    Token to verify the session is valid

    error object

    Set this field when the authorization flow failed. It creates a callback URL to the application, with the error details set.

    error - ERROR_REASON_INVALID_REQUEST: Error states from https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2.1 - ERROR_REASON_INTERACTION_REQUIRED: Error states from https://openid.net/specs/openid-connect-core-1_0.html#AuthError

    Possible values: [ERROR_REASON_UNSPECIFIED, ERROR_REASON_INVALID_REQUEST, ERROR_REASON_UNAUTHORIZED_CLIENT, ERROR_REASON_ACCESS_DENIED, ERROR_REASON_UNSUPPORTED_RESPONSE_TYPE, ERROR_REASON_INVALID_SCOPE, ERROR_REASON_SERVER_ERROR, ERROR_REASON_TEMPORARY_UNAVAILABLE, ERROR_REASON_INTERACTION_REQUIRED, ERROR_REASON_LOGIN_REQUIRED, ERROR_REASON_ACCOUNT_SELECTION_REQUIRED, ERROR_REASON_CONSENT_REQUIRED, ERROR_REASON_INVALID_REQUEST_URI, ERROR_REASON_INVALID_REQUEST_OBJECT, ERROR_REASON_REQUEST_NOT_SUPPORTED, ERROR_REASON_REQUEST_URI_NOT_SUPPORTED, ERROR_REASON_REGISTRATION_NOT_SUPPORTED]

    Default value: ERROR_REASON_UNSPECIFIED

    errorDescription string
    errorUri string
Responses

OK

Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner resource_owner is the organization or instance_id an object belongs to
    callbackUrl string

    Callback URL where the user should be redirected, using a "302 FOUND" status. Contains details for the application to obtain the tokens on success, or error details on failure. Note that this field must be treated as credentials, as the contained code can be used to obtain tokens on behalve of the user.

POST /v2beta/oidc/auth_requests/:authRequestId

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN
Bearer Token
authRequestId — path required
Content-Type
Body required
{

  "session": {

    "sessionId": "163840776835432705",

    "sessionToken": "string"

  },

  "error": {

    "error": "ERROR_REASON_UNSPECIFIED",

    "errorDescription": "string",

    "errorUri": "string"

  }

}
Accept
curl / cURL
curl -L -X POST 'https://$CUSTOM-DOMAIN/v2beta/oidc/auth_requests/:authRequestId' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "session": {
    "sessionId": "163840776835432705",
    "sessionToken": "string"
  },
  "error": {
    "error": "ERROR_REASON_UNSPECIFIED",
    "errorDescription": "string",
    "errorUri": "string"
  }
}'