Get an authorization code after authenticating a user against an identity provider (IDP). This is the first step of the OAuth 2.1 authorization code flow, where a user can log in via federation to the IDP configured for the client. After successfully logging in, the user gets an authorization code via a redirect URI.
This endpoint can be called from the front channel (the browser).
curl "https://{shortCode}.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/{organizationId}/oauth2/authorize?redirect_uri=http://localhost:3000/callback&client_id=client-id1"
A region-specific merchant identifier.
0dnz6ope
The URL to which the server redirects the browser after the user grants the authorization. The URI must be pre-registered. A variety of URI formats and a wildcard for the host are supported, but app links like airbnb:// or fb:// are not. Examples of supported URIs:
http://localhost:3000/callback
https://example.com/callback
com.example.app:redirect_uri_path
*.subdomain.topleveldomain.com
http://localhost:3000/callback
Must be code. Indicates that the client wants an authorization code (using the authorization_code grant type).
- code
The client ID obtained during application registration.
client-id1
- openid
- offline_access
Value sent by the client to maintain state between the authorization request and the server response. Optional, but strongly recommended.
client-state
A unique shopper identifier (USID). If not provided, a new USID is generated.
d09c5010-4baa-11ea-98d8-01062d1a14bb
Name of an identity provider (IDP) to optionally redirect to, thereby skipping the IDP selection step.
To use a public client, set hint to guest and use a public client ID to get an authorization code. If no hint is provided, the preferred IDP of the tenant is used by default.
For session bridge authorization the hint should be set to sb-user for a registered customer and to sb-guest for a guest. For session bridge authorization the SLAS Client sfcc.session_bridge scope.
google
The channel that this request is for. For a B2C Commerce request, this is analogous to the site ID.
RefArch
PKCE code challenge. Created by the client calling the login endpoint.
The code_challenge is created by SHA256 hashing the code_verifier and Base64 encoding the resulting hash.
The code_verifier should be a high entropy cryptographically random string with a minimum of 43 characters and a maximum of 128 characters.
krc5G3_5lRUcXDUzFZQ88oJA_-ZmlHWkyGsgOrSLEWg
End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For example, the value fr-CA fr en represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation).
In most cases the IDP supports one language tag and has a default language set on the server. SLAS will support the space-separated list and pass them to the IDP.
en es-A fr-CA
Success. The authorization code is added to the redirect_uri.
{
"authorizationCode": "eyJ2ZXIiOiIxLjAiLCJraWQiOiJTTEFTIiwidHlwIjoiand0IiwiY2x2IjoiS",
"usid": "156c4e69-e89b-406b-a4b7-576980bb234e"
}
The 1 minute maximum number of requests permitted per hour.
The 1 minute number of requests remaining in the current rate limit window.
The 1 minute time at which the current rate limit window resets in UTC epoch seconds.
The 5 minute maximum number of requests permitted per hour.
The 5 minute number of requests remaining in the current rate limit window.
The 5 minute time at which the current rate limit window resets in UTC epoch seconds.