OAuth 2.0 Authorize

OAuth 2.0 AuthorizeClient-side

get/oauth2/auth

Checks the presence of a valid SSO session. Redirects to the URL passed in the redirect_url parameter with an authorization code.

Request

query Parameters

response_type required	string Will be set to code, indicating that the application expects to receive an authorization code if successful. Value: "code"
client_id required	integer Your application ID. Get it after creating an OAuth 2.0 client.
redirect_uri required	string This URL must match one of the URLs the developer registered when creating the application, and the authorization server should reject the request if it does not match. To set up this parameter, contact your Customer Success Manager.
scope required	string The request may have one or more scope values indicating additional access requested by the application. The authorization server will need to display the requested scopes to the user.
state required	string The state parameter is used by the application to store request-specific data and/or prevent CSRF attacks. The authorization server must return the unmodified state value back to the application. This is the recommended parameter.
audience required	string The audience parameter may contain multiple strings separated by a url-encoded space (+ or %20). The audience values themselves must also be url encoded.
popup	boolean Default: false If true is passed method will redirect to widget at first and then to partner's callback. If false, method will redirect straight to partner's callback.
code_challenge	string Generated challenge from the `code_verifier` (https://datatracker.ietf.org/doc/html/rfc7636#section-4-2).
code_challenge_method	string Method used to generate the challenge. For now, you can only use the method `S256` to generate `code_challenge`. Value: "S256"
widget_only	boolean Service parameter for pop up flow. Does not affect API behaviour.
enable_post_message_login	boolean Service parameter for pop up flow. Does not affect API behaviour.
disable_socials	boolean Service parameter for pop up flow. Does not affect API behaviour.
fail_auth_url	string If passed then method will redirect on this URL in case of a missing session for authentication and obtaining new session.
disable_passwordless_email	boolean Service parameter for pop up flow. Does not affect API behaviour.
disable_passwordless_phone	boolean Service parameter for pop up flow. Does not affect API behaviour.
is_xsolla_link	boolean Service parameter for pop up flow. Does not affect API behaviour.

Responses

302

Redirection

400

Bad Request

404

Not Found

418

I’m a teapot

422

Unprocessable Entity

429

Too Many Requests

Request samples

curl --request GET \
  --url 'https://login.xsolla.com/api/oauth2/auth?response_type=SOME_STRING_VALUE&client_id=SOME_INTEGER_VALUE&redirect_uri=SOME_STRING_VALUE&scope=SOME_STRING_VALUE&state=SOME_STRING_VALUE&audience=SOME_STRING_VALUE&popup=false&code_challenge=SOME_STRING_VALUE&code_challenge_method=SOME_STRING_VALUE&widget_only=SOME_BOOLEAN_VALUE&enable_post_message_login=SOME_BOOLEAN_VALUE&disable_socials=SOME_BOOLEAN_VALUE&fail_auth_url=SOME_STRING_VALUE&disable_passwordless_email=SOME_BOOLEAN_VALUE&disable_passwordless_phone=SOME_BOOLEAN_VALUE&is_xsolla_link=SOME_BOOLEAN_VALUE' \
  --header 'accept: application/x-www-form-urlencoded'

Response samples

{"error": {"code": "003-061",
"description": "Object not found.",
"details": { }
}
}