![mac identity api scope approval ui mac identity api scope approval ui](https://www.zohowebstatic.com/sites/default/files/creator/help/homepage-c6.png)
In this example, we add a user's favorite color and preferred contact method to the ID token. The unique identifier of the API from which we want to read the user's appointmentsĪs in the previous examples, after the user consents (if necessary) and Auth0 redirects back to your app, request tokens.Įxtract the ID token from the response, decode it, and retrieve the user attributes and use them to personalize your UI.Įxtract the access token from the response, and call the API using the access token as credentials. The audience parameter includes one value: Read:appointments: to allow us to read the user's appointments from the API. Profile: to get name, nickname, and picture. Openid: to indicate that the application intends to use OIDC to verify the user's identity. The scope parameter is used for both OIDC scopes and API scopes, so now includes four values:
#Mac identity api scope approval ui code
The response_type parameter still includes one value:Ĭode: because we are using the regular web app flow, our initial request is for an authorization code when we request our tokens using this code, we will receive both the ID token we need for authentication and the access token that we can use to call our API.
![mac identity api scope approval ui mac identity api scope approval ui](https://www.imsglobal.org/sites/default/files/spec/security/images/fig2p1-fwsarchv1.jpg)
Initiate the authentication flow by sending the user to the authorization URL: You can also use defined permissions to customize the consent prompt for your users. If the custom API is under your control, you need to register both your application and API with Auth0 and define the scopes for your API using the Auth0 Dashboard. Note that requesting an access token is not dependent on requesting an ID token.īefore using a custom API, you need to know what scopes are available for the API you are calling. To do this, get two tokens:Īccess token that contains the proper scope to read appointments from the API. In this example, we combine our previous two examples to authenticate a user, request standard claims, and also request a custom scope for a calendar API that will allow the calling application to read appointments for the user.
![mac identity api scope approval ui mac identity api scope approval ui](https://data.solita.fi/wp-content/uploads/2021/11/screenshot-2021-11-19-at-9.49.50-360x469.png)
Authenticate a user and request standard claims and custom API access