GET /oauth/auth

Get an access code for an authenticated Coil user

GET https://coil.com/oauth/auth

You must register your app and receive a client_id and client_secret before calling this endpoint.

This endpoint allows your app to request access to an authenticated Coil user's resources (such as profile information).

  1. Your app sends identifying information about itself to the Coil OIDC provider.

  2. The Coil user is presented with a login page (or an Authorize button if cookies are present from prior authorizations). The page lists the resources your app is requesting access to.

  3. The authenticated Coil user grants access to their resources and the OIDC provider returns an access code. NOTE: This step does not provide the user's actual resources, only confirmation (via the presence of an access token) that permission was granted to use the resources.

Query parameters

| Parameter | Type | Description |
|---|---|---|
| response_type | string | Tells the authorization server which grant to execute. The value must be code. |
| scope | string | The value must be openid. This indicates that your app intends to use OIDC to verify the Coil user's identity. |
| client_id | string | Your app's client_id. The client_id was assigned during registration. |
| state | string | A random string generated by your app for this authentication request. The value in the response is expected to match this value. It's used to verify that the redirect came from the Coil OIDC provider and to maintain continuity between sessions. |
| redirect_uri | string | The URI that the OIDC provider will redirect to after authentication is complete. It must match the redirect_uri set by your app during registration. |

Example auth redirect URL

https://coil.com/oauth/auth
?response_type=code
&scope=openid
&client_id=314ac134-fc3c-4d28-bf43-ccb75a2f9fb2
&state=b5f1872f-9d32-5f31-819d-5a4daeab4ea9
&redirect_uri=https://example.com

Response parameters

After the Coil user authenticates, the OIDC provider redirects them to the redirect_uri provided in the query string.

The OIDC provider further augments the URI with the parameters below. Your app must use these parameters to proceed with the authorization code flow.

| Parameter | Type | Description |
|---|---|---|
| code | string | An access code assigned by the OIDC provider. |
| state | string | The same random string that your app generated in the request. |

Example auth redirect response

https://example.com/
?code=CU6LG36vKvVmUbF9QWFwj7F5zvY
&state=b5f1872f-9d32-5f31-819d-5a4daeab4ea9
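
The request and response handling described above, as an added example that is not Coil's own code: it builds the auth redirect URL with a fresh random state and rejects any redirect whose state does not match before the code is used. The function names are hypothetical, and the app is assumed to keep the returned state in the user's server-side session until the redirect arrives.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://coil.com/oauth/auth"


def build_auth_request(client_id, redirect_uri):
    """Return (url, state); the caller stores state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authentication request
    query = urlencode({
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "state": state,
        "redirect_uri": redirect_uri,  # urlencode percent-encodes the URI
    })
    return f"{AUTH_ENDPOINT}?{query}", state


def parse_auth_response(callback_url, expected_state):
    """Return the access code, or raise ValueError if the redirect is rejected."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    states = params.get("state", [])
    codes = params.get("code", [])
    # Exactly one value each: a duplicated parameter is ambiguous, so reject it.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("missing or duplicated code/state")
    # Constant-time comparison against the state saved for this session.
    if not expected_state or not hmac.compare_digest(
        states[0].encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch")
    if not codes[0]:
        raise ValueError("empty code")
    return codes[0]


if __name__ == "__main__":
    # client_id and redirect_uri are the sample values from this page.
    url, state = build_auth_request(
        "314ac134-fc3c-4d28-bf43-ccb75a2f9fb2", "https://example.com"
    )
    print(url)
    # Constructed callback that echoes the state back, as the provider would.
    print(parse_auth_response(f"https://example.com/?code=SAMPLE&state={state}", state))
```

Discard the stored state after one successful match so a replayed redirect is rejected.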

Next: Request an access token for the Coil user.