This endpoint allows your app to request access to an authenticated Coil user's resources. The information you're allowed to request is based on the scope you are authorized to use.
Your app sends identifying information about itself to the Coil OIDC provider.
The Coil user is presented with a login page (or an Authorize button if cookies are present from prior authorizations). The page lists the resources your app is requesting access to.
The authenticated Coil user grants access to their resources and the OIDC provider returns an access code. NOTE: This step does not provide the user's actual resources, only confirmation (via presence of access token) that permission was granted to use the resources.
Tells the authorization server which grant to execute. The value must be
A random string generated by your app for this authentication request. The value in the response is expected to match this value. It's used to verify that the redirect came from the Coil OIDC provider and to maintain continuity between sessions.
The URI that the OIDC provider will redirect to after authentication is complete. It must match the
After the Coil user authenticates, the OIDC provider redirects them to the
redirect_uri provided in the query string.
The OIDC provider further augments the URI with the parameters below. Your app must use these parameters to proceed with the authorization code flow.
An access code assigned by the OIDC provider.
The same random string that your app generated in the request.
Next: Request an access token for the Coil user.