Skip to main content
POST
/
v1
/
b2b
/
idp
/
oauth
/
authorize
/
start
C#
// POST /v1/b2b/idp/oauth/authorize/start
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  client_id: "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
  redirect_uri: "https://app.example/oauth/callback",
  response_type: "code",
  scopes: ["openid"],
};

client.IDP.OAuth.AuthorizeStart(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
// POST /v1/b2b/idp/oauth/authorize/start
package main

import (
"context"
"log"

"github.com/stytchauth/stytch-go/v18/stytch/b2b/b2bstytchapi"
"github.com/stytchauth/stytch-go/v18/stytch/b2b/idp/oauth"
)

func main() {
client, err := b2bstytchapi.NewClient(
"${projectId}",
"${secret}",
)
if err != nil {
log.Fatalf("error instantiating client: %v", err)
}

params := &oauth.AuthorizeStartParams{
ClientID: "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
RedirectURI: "https://app.example/oauth/callback",
ResponseType: "code",
Scopes: []string{"openid"},
}

resp, err := client.IDP.OAuth.AuthorizeStart(context.Background(), params)
if err != nil {
log.Fatalf("error in method call: %v", err)
}

log.Println(resp)
}
// POST /v1/b2b/idp/oauth/authorize/start
package com.example;

import com.stytch.java.b2b.models.idpoauth.AuthorizeStartRequest;
import com.stytch.java.b2b.StytchB2BClient;
import com.stytch.java.common.StytchResult;

public class Main {
public static void main(String[] args) {
StytchB2BClient.configure("${projectId}", "${secret}");

AuthorizeStartRequest params = new AuthorizeStartRequest();
params.setClientId("connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888");
params.setRedirectUri("https://app.example/oauth/callback");
params.setResponseType("code");
params.setScopes(new String("openid"));

Object result = StytchB2BClient.getIDP().getOAuth().authorizeStart(params);
if (result instanceof StytchResult.Success) {
System.out.println(((StytchResult.Success) result).getValue());
} else {
System.out.println(((StytchResult.Error) result).getException());
}
}
}
// POST /v1/b2b/idp/oauth/authorize/start
package com.example

import com.stytch.java.b2b.StytchB2BClient
import com.stytch.java.b2b.models.idpoauth.AuthorizeStartRequest

fun main() {
StytchB2BClient.configure(
projectId = "${projectId}",
secret = "${secret}",
)

when (
val result =
StytchB2BClient.idp.oauth.authorizeStart(
AuthorizeStartRequest(
clientId = "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
redirectUri = "https://app.example/oauth/callback",
responseType = "code",
scopes = arrayOf("openid"),
),
)
) {
is StytchResult.Success -> println(result.value)
is StytchResult.Error -> println(result.exception)
}
}
// POST /v1/b2b/idp/oauth/authorize/start
const stytch = require('stytch');

const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
});

const params = {
client_id: "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
redirect_uri: "https://app.example/oauth/callback",
response_type: "code",
scopes: ["openid"],
};

client.idp.oauth.authorizeStart(params)
.then(resp => { console.log(resp) })
.catch(err => { console.log(err) });
$response = $client->idp->oauth->authorize_start([
'client_id' => 'connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888',
'redirect_uri' => 'https://app.example/oauth/callback',
'response_type' => 'code',
'scopes' => ['openid'],
]);
# POST /v1/b2b/idp/oauth/authorize/start
from stytch import B2BClient

client = B2BClient(
project_id="${projectId}",
secret="${secret}",
)

resp = client.idp.oauth.authorize_start(
client_id="connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
redirect_uri="https://app.example/oauth/callback",
response_type="code",
scopes=["openid"],
)

print(resp)
# frozen_string_literal: true

# POST /v1/b2b/idp/oauth/authorize/start
require 'stytch'

client = StytchB2B::Client.new(
project_id: "${projectId}",
secret: "${secret}"
)

resp = client.idp.oauth.authorize_start(
client_id: "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
redirect_uri: "https://app.example/oauth/callback",
response_type: "code",
scopes: ['openid']

)

puts resp
// POST /v1/b2b/idp/oauth/authorize/start
use stytch::b2b::client::Client;
use stytch::b2b::idp_oauth::AuthorizeStartRequest;

fn main() {
let client = Client::new("${projectId}", "${secret}").unwrap();
let resp = client.idp.oauth.authorize_start(
AuthorizeStartRequest{
client_id: "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
redirect_uri: "https://app.example/oauth/callback",
response_type: "code",
scopes: vec!["openid"],
..Default::default()
}
).await;
println!("The response is {:?}", resp);
}
# POST /v1/b2b/idp/oauth/authorize/start
curl --request POST \
--url https://test.stytch.com/v1/b2b/idp/oauth/authorize/start \
-u '${projectId}:${secret}' \
-H 'Content-Type: application/json' \
-d '{
"client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
"redirect_uri": "https://app.example/oauth/callback",
"response_type": "code",
"scopes": ["openid"]
}'
{
  "request_id": "<string>",
  "member_id": "<string>",
  "member": {
    "organization_id": "<string>",
    "member_id": "<string>",
    "email_address": "<string>",
    "status": "<string>",
    "name": "<string>",
    "sso_registrations": [
      {
        "connection_id": "<string>",
        "external_id": "<string>",
        "registration_id": "<string>",
        "sso_attributes": {}
      }
    ],
    "is_breakglass": true,
    "member_password_id": "<string>",
    "oauth_registrations": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "member_oauth_registration_id": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>"
      }
    ],
    "email_address_verified": true,
    "mfa_phone_number_verified": true,
    "is_admin": true,
    "totp_registration_id": "<string>",
    "retired_email_addresses": [
      {
        "email_id": "<string>",
        "email_address": "<string>"
      }
    ],
    "is_locked": true,
    "mfa_enrolled": true,
    "mfa_phone_number": "<string>",
    "default_mfa_method": "<string>",
    "roles": [
      {
        "role_id": "<string>",
        "sources": [
          {
            "type": "<string>",
            "details": {}
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "scim_registration": {
      "connection_id": "<string>",
      "registration_id": "<string>",
      "external_id": "<string>",
      "scim_attributes": {
        "user_name": "<string>",
        "id": "<string>",
        "external_id": "<string>",
        "active": true,
        "groups": [
          {
            "value": "<string>",
            "display": "<string>"
          }
        ],
        "display_name": "<string>",
        "nick_name": "<string>",
        "profile_url": "<string>",
        "user_type": "<string>",
        "title": "<string>",
        "preferred_language": "<string>",
        "locale": "<string>",
        "timezone": "<string>",
        "emails": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "phone_numbers": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "addresses": [
          {
            "formatted": "<string>",
            "street_address": "<string>",
            "locality": "<string>",
            "region": "<string>",
            "postal_code": "<string>",
            "country": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "ims": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "photos": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "entitlements": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "roles": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "x509certificates": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "name": {
          "formatted": "<string>",
          "family_name": "<string>",
          "given_name": "<string>",
          "middle_name": "<string>",
          "honorific_prefix": "<string>",
          "honorific_suffix": "<string>"
        },
        "enterprise_extension": {
          "employee_number": "<string>",
          "cost_center": "<string>",
          "division": "<string>",
          "department": "<string>",
          "organization": "<string>",
          "manager": {
            "value": "<string>",
            "ref": "<string>",
            "display_name": "<string>"
          }
        }
      }
    },
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "organization": {
    "organization_id": "<string>",
    "organization_name": "<string>",
    "organization_logo_url": "<string>",
    "organization_slug": "<string>",
    "sso_jit_provisioning": "<string>",
    "sso_jit_provisioning_allowed_connections": [
      "<string>"
    ],
    "sso_active_connections": [
      {
        "connection_id": "<string>",
        "display_name": "<string>",
        "identity_provider": "<string>"
      }
    ],
    "email_allowed_domains": [
      "<string>"
    ],
    "email_jit_provisioning": "<string>",
    "email_invites": "<string>",
    "auth_methods": "<string>",
    "allowed_auth_methods": [
      "<string>"
    ],
    "mfa_policy": "<string>",
    "rbac_email_implicit_role_assignments": [
      {
        "domain": "<string>",
        "role_id": "<string>"
      }
    ],
    "mfa_methods": "<string>",
    "allowed_mfa_methods": [
      "<string>"
    ],
    "oauth_tenant_jit_provisioning": "<string>",
    "claimed_email_domains": [
      "<string>"
    ],
    "first_party_connected_apps_allowed_type": "<string>",
    "allowed_first_party_connected_apps": [
      "<string>"
    ],
    "third_party_connected_apps_allowed_type": "<string>",
    "allowed_third_party_connected_apps": [
      "<string>"
    ],
    "custom_roles": [
      {
        "role_id": "<string>",
        "description": "<string>",
        "permissions": [
          {
            "resource_id": "<string>",
            "actions": [
              "<string>"
            ]
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "organization_external_id": "<string>",
    "sso_default_connection_id": "<string>",
    "scim_active_connection": {
      "connection_id": "<string>",
      "display_name": "<string>",
      "bearer_token_last_four": "<string>",
      "bearer_token_expires_at": "<string>"
    },
    "allowed_oauth_tenants": {}
  },
  "client": {
    "client_id": "<string>",
    "client_name": "<string>",
    "client_description": "<string>",
    "client_type": "<string>",
    "logo_url": "<string>"
  },
  "consent_required": true,
  "scope_results": [
    {
      "scope": "<string>",
      "description": "<string>",
      "is_grantable": true
    }
  ],
  "status_code": 123
}
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
Initiates a request for authorization of a Connected App to access a Members’s account. Call this endpoint using the query parameters from an OAuth Authorization request. This endpoint validates various fields (scope, client_id, redirect_uri, prompt, etc…) are correct and returns relevant information for rendering an OAuth Consent Screen. This endpoint returns:
  • A public representation of the Connected App requesting authorization
  • Whether explicit user consent must be granted before proceeding with the authorization
  • A list of scopes the user has the ability to grant the Connected App
Use this response to prompt the user for consent (if necessary) before calling the Submit OAuth Authorization endpoint. Exactly one of the following must be provided to identify the Member granting authorization:
  • member_id and organization_id
  • session_token
  • session_jwt
If a session_token or session_jwt is passed, the OAuth Authorization will be linked to the user’s session for tracking purposes. One of these fields must be used if the Connected App intends to complete the Exchange Access Token flow.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

client_id
string
required

The ID of the Connected App client.

redirect_uri
string
required

The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the authorization_code grant.

response_type
string
required

The OAuth 2.0 response type. For authorization code flows this value is code.

scopes
string[]
required

An array of scopes requested by the client.

organization_id
string

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

member_id
string

Globally unique UUID that identifies a specific Member. The member_id is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.

session_token
string

A secret token for a given Stytch Session.

session_jwt
string

The JSON Web Token (JWT) for a given Stytch Session.

prompt
string

Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only consent is supported today.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

member_id
string
required

Globally unique UUID that identifies a specific Member.

member
object
required
organization
object
required
client
object
required

Whether the user must provide explicit consent for the authorization request.

scope_results
object[]
required

Details about each requested scope.

status_code
integer<int32>
required