Grant the access request

The resource owner will consent or deny the third party application access request, and Zephr will return an authorization code upon user's consent.

SecurityCookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie

Request

Request Body schema: application/json

client_id required	string Zephr Site Oauth2 Client ID
response_type required	string Must be set to `code`
redirect_uri required	string Client's redirection endpoint. Must be an absolute URI
scope required	string The scope of the access request. Supported scopes: user.account:read, user.profile:read and user.profile:update
state required	string An opaque value used by the client to maintain state between the request and callback
allow required	boolean Resource owner consent

Responses

200

OK. The template variable "BASICAUTH" is set as the authorization header of "$CLIENTID" and "$CLIENTSECRET". The template variable "AUTHCODE" is set to the response body "code" field.

401

Unauthorized

post/zephr/oauth2/grant

Request samples

Payload

application/json

{"client_id": "1234567890",
"response_type": "code",
"redirect_uri": "https://someUrl.com/callback",
"scope": "user.account:read user.profile:read",
"state": "abcdefghijklmnopqrstuvwsyz",
"allow": true
}