/oauth2/authorize
The /oauth2/authorize endpoint is the OAuth 2.0 authorization endpoint
defined in RFC 6749.
Use this endpoint to gather consent and authorization from the resource owner for the following flows:
- Authorization code grant (OAuth 2.0 and OIDC)
- Authorization code grant with PKCE (OAuth 2.0 and OIDC)
- Authorization code grant with PAR (OAuth 2.0)
- Implicit grant (OAuth 2.0 and OIDC)
Specify the realm in the request URL; for example:
https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/authorize

The authorization endpoint supports the following parameters:

| Parameter | Description | Required |
|---|---|---|
| | The OpenID Connect authentication context class reference values. | |
| | The user attributes to be returned in the ID token. | No |
| | Uniquely identifies the application making the request. | Yes |
| | The code verifier generated for the PKCE flow. | Yes, for the Authorization code grant with PKCE flow |
| | The method to derive the code challenge. | Yes, when the |
| | The SSO token string linking the request to the user session to protect against Cross-Site Request Forgery attacks. | Yes, when gathering consent without a remote consent service |
| | Specifies whether the resource owner consents to the requested access. | Yes, when gathering consent unless consent is already saved for the scope |
| | Previously issued ID token passed as a hint about the end user's session with the client. | No |
| | String value that can be set to the ID the user uses to log in. | No |
| | String value that associates the client session with the ID token. | Yes, for the Implicit grant flow for OIDC |
| | Specifies whether to prompt the end user for authentication and consent. | No |
| | The URI to return the resource owner to after authorization is complete. | No |
| | Specifies the mechanism for returning response parameters. | No |
| | The type of response expected from the authorization server. | Yes |
| | The JWT request object. | Yes, for JAR request and OIDC flows requiring a request object and providing no |
| | For PAR or OIDC flows, a reference to JWT request object(s). | Yes, for JAR request and OIDC flows requiring a request object and providing no |
| | Specifies whether to store a resource owner's consented scopes. | No |
| | The scopes linked to the permissions requested by the client from the resource owner. | No |
| | The authentication journey to use when authenticating the resource owner. | No |
| | The value to maintain state between the request and the callback. | No, but strongly recommended |
| | The end user's preferred languages for the user interface. | No |
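
As an added example (not taken from the product documentation), the Python below builds an Authorization code grant with PKCE request for this endpoint and verifies the state value on the callback before accepting the code. The parameter names are the standard ones from RFC 6749 and RFC 7636 and are assumed here; the tenant FQDN is the page's placeholder, and any client ID, redirect URI or scope passed in is a constructed value.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder host from the page; substitute the real tenant FQDN.
AUTHORIZE_URL = "https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/authorize"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorize_request(client_id: str, redirect_uri: str, scope: str):
    """Return (url, session); session holds the values kept on the client."""
    session = {
        "code_verifier": b64url(secrets.token_bytes(32)),  # 43 chars, not sent here
        "state": b64url(secrets.token_bytes(16)),
    }
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": session["state"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), session


def handle_callback(callback_url: str, session: dict) -> str:
    """Return the authorization code only if state matches the stored value."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0].encode("utf-8")
    # Constant-time comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(returned, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: discard the response")
    if "error" in query:
        raise ValueError("authorization error: " + query["error"][0])
    return query["code"][0]
```

The stored `code_verifier` is sent only later, in the token request, so the authorization server can check it against the challenge submitted here.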