Authorization Code with PKCE grant type - Intergraph Smart Completions - Intergraph Smart Completions Update 4 - Customization & Programming

Intergraph Smart Completions Smart API Programmer's Getting Started Guide

Language
English
Product
Intergraph Smart Completions
Search by Category
Customization & Programming
Smart Completions Version
6.0.4

When using the Authorization Code with PKCE grant type, you must send the authorization details in the request header.

Parameter

Type

Description

Source

Grant Type

Required

The grant type, or authorization_code.

Here, use the value for authorization code with PKCE.

Callback URL

Required

The redirect_uri of your app, where authentication responses can be sent and received by your app.

It must exactly match one of the redirect URIs registered in the identity provider, except it must be URL-encoded.

Provided by the identity provider after registering the client application.

Auth URL

Required

The endpoint for the authentication server to retrieve the authorization code.

Provided by the identity provider after registering the client application.

Access Token URL

Required

The endpoint used to get an access token, which must be included in a resource request.

The token endpoint for your installation.

Client ID

Required

The ID assigned to your application by the identity provider (IdP).

Provided by the identity provider after registering the client application.

Client Secret

Optional

The application secret that you created in the app registration portal for your app.

Provided by the identity provider after registering the client application.

Code Challenge Method

Recommended/ Required

The method used to encode the code_verifier for the code_challenge parameter. This must be SHA256, but the specification allows the use of plain, if the client cannot support SHA256.

Code Verifier

Recommended

Indicates the same code_verifier that was used to obtain the authorization code. Automatically generated when undefined.

Scope

Required

A space-separated list of scopes. The scopes must all be from a single resource, along with OIDC scopes (profile, openid, email).

This value allows your app to get consent for multiple web APIs you want to call.

This parameter is a Microsoft extension to the authorization code flow, intended to allow apps to declare the resource they want the token during token redemption.

For Smart Cloud, the scope is based on the authentication method specified in the request. The default scope is openid_offline_access.

Provided by the identity provider after registering the client application.

State

Optional

A value included in the request which is also returned in the token response. It can be a string of any content that you wish.

A randomly generated unique value is typically used for preventing cross-site request forgery attacks.

The value can also encode information about the user's state within your application before the authentication request occurred.

SHARED Tip If you're unfamiliar with getting an access token using the Authorization Code with PKCE grant type, see an example using Postman.