Because the numbers are generally only used by developers, you can join and use Discord without knowing any of them. This can be set to any value.įor a full explanation of all of these parameters, see: /authorize Request parameters.Every Discord user, server, channel, and message has a distinct ID number. Use it to associate a client session with an ID token and to mitigate replay attacks. Nonce: A string included in the returned ID token. State: Protects against cross-site request forgery (CSRF). This URL must start with https and must match one of the redirect URIs that you configured in the previous section. Redirect_uri: The location where Okta returns a browser after the user finishes authenticating with their Identity Provider. You can request any of the standard OpenID Connect scopes about users, such as profile and email as well as any custom scopes specific to your Identity Provider. You need to include at least the openid scope. Include the scopes that you want to request authorization for and separate each with a %20 (space character). Scope: Determines the claims that are returned in the ID token.
Response_mode: Determines how the authorization response is returned. For the Authorization Code flow, use code. Response_type: Determines which flow is used. This is not the client_id from the Identity Provider. In the URL, replace $ with your org's base URL, and then replace the following values:Ĭlient_id: Use the client_id value from your Okta app integration. The authorize URL initiates the authorization flow that authenticates the user with the Identity Provider. The Okta Identity Provider that you created generated an authorize URL with a number of blank parameters that you can fill in to test the flow with the Identity Provider. You need them to configure your Identity Provider in Okta.Īlternatively, you can use the Authorize URL to simulate the authorization flow. Save the generated Discord client ID and client secret values. Include all base domains (Okta domain and custom domain) that your users will interact with in the allowed redirect URI list. If you configured a custom domain in your Okta org, use that value to construct your redirect URI, such as. This URI has the same structure for most IdPs in Okta and is constructed using your Okta subdomain and the callback endpoint.įor example, if your Okta subdomain is called company, then the URI would be. It needs to be a secure domain that you own. This URI is where the IdP sends the authentication response (the access token and the ID token). The redirect URI sent in the authorize request from the client must match the redirect URI set at the IdP. When you create an application at the IdP, you must provide a redirect URI for authentication.
Create an OAuth 2.0 (opens new window) app at Discord.
0 kommentar(er)
