OIDC / OAuth 2.0
Authorization Endpoint
Step 1 of the Authorization Code + PKCE flow. Redirect the end-user here to begin authentication.
GET
Authorization Endpoint
Redirect the browser to this endpoint to start the Authorization Code flow. If the user is not already authenticated, they will be sent to the Verify Group login page with the original parameters preserved.
Required for Authorization Code flow:
- Generate a random
code_verifier(43–128 chars) - Compute
code_challenge = BASE64URL(SHA256(code_verifier)) - Redirect user to this endpoint
- After login, user is redirected to your
redirect_uriwith?code=...&state=... - Exchange the code at the Token endpoint
Must be
code.Your OAuth App
client_id.Must exactly match a redirect URI registered with your OAuth App.
Space-separated scopes. Supported:
openid profile email org:read kyc:read claims:read voice:read evidence:readOpaque CSRF protection value. Returned unchanged in the redirect.
PKCE challenge —
BASE64URL(SHA256(code_verifier)). Required for public clients.Must be
S256.OIDC replay protection nonce. Included in the
id_token if provided.Previous
Token EndpointExchange an authorization code for tokens, obtain a machine-to-machine token, or rotate a refresh token.
Next
Authorization Endpoint