How to handle responses from Authlete API
Most Authlete APIs return a response that includes an "action" parameter. Implementing an authorization server with Authlete follows one basic pattern: make a request to one of Authlete's APIs, parse the response, check the value of "action" in the response, and process the request according to that value.
For example, a response from the /auth/authorization API includes one of the following values in its "action" field:
- BAD_REQUEST
- FORM
- INTERACTION
- INTERNAL_SERVER_ERROR
- LOCATION
- NO_INTERACTION
action=INTERACTION indicates that the authorization request is valid. Your authorization server is expected to generate a webpage (HTML) that authenticates the user and asks for his/her consent, send the webpage to the user's Web browser, and interact with the user. Once the authentication and consent process completes successfully, your authorization server makes a request to the /auth/authorization/issue API. If it is unsuccessful (e.g. the user cancelled the process), the server makes a request to the /auth/authorization/fail API instead. (cf. Ticket Parameter in Authorization Endpoint)
action=BAD_REQUEST indicates that the authorization request is invalid and your authorization server should return a "400 Bad Request" response to the Web browser. The response will look like this:

    HTTP/1.1 400 Bad Request
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    (put the value of responseContent included in the API response here)
action=LOCATION indicates that your authorization server is expected to return a "302 Found" response to the Web browser. The response will look like this:

    HTTP/1.1 302 Found
    Location: (put the value of responseContent included in the API response here)
    Cache-Control: no-store
    Pragma: no-cache
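Putting the three actions described above into code, as an added example that is not Authlete's own library or sample code: a dispatcher that turns a parsed /auth/authorization response into the HTTP response the browser receives, and fails closed on any action it does not handle. The "ticket" and "client.clientName" fields are assumed from Authlete's response format; the consent page and the /authorization/decision path are placeholders, and the sample responses are constructed.

```python
import html
from dataclasses import dataclass, field

# Headers the article shows on both the 400 and the 302 responses.
NO_CACHE_HEADERS = {"Cache-Control": "no-store", "Pragma": "no-cache"}


@dataclass
class HttpResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def handle_authorization_response(api_response: dict, session: dict) -> HttpResponse:
    """Map the 'action' of a parsed /auth/authorization response to the HTTP
    response that the authorization server sends back to the Web browser."""
    action = api_response.get("action")
    content = api_response.get("responseContent") or ""
    if action == "BAD_REQUEST":
        # 400 with the JSON error body Authlete prepared in responseContent.
        return HttpResponse(400, {"Content-Type": "application/json", **NO_CACHE_HEADERS}, content)
    if action == "LOCATION":
        # 302 whose Location is responseContent, used verbatim: Authlete already
        # built the redirect URI (including any error parameters), so do not rebuild it.
        return HttpResponse(302, {"Location": content, **NO_CACHE_HEADERS})
    if action == "INTERACTION":
        # Valid request: keep the ticket server-side for the later
        # /auth/authorization/issue or /fail call, then show the consent page.
        # (Assumed field names: "ticket" and "client.clientName"; placeholder page.)
        session["ticket"] = api_response["ticket"]
        client_name = html.escape(str(api_response.get("client", {}).get("clientName", "")))
        page = ('<html><body><form method="post" action="/authorization/decision">'
                f"<p>{client_name} requests access to your account. Continue?</p>"
                '<button name="authorized" value="true">Allow</button>'
                '<button name="authorized" value="false">Deny</button>'
                "</form></body></html>")
        return HttpResponse(200, {"Content-Type": "text/html; charset=UTF-8", **NO_CACHE_HEADERS}, page)
    # FORM, NO_INTERACTION, INTERNAL_SERVER_ERROR, a missing action, or anything
    # unexpected: fail closed with an empty 500 rather than falling through to
    # a response that could be mistaken for success (this example's own choice).
    return HttpResponse(500, dict(NO_CACHE_HEADERS))


# Constructed sample responses, modelled on the action values listed above.
SAMPLE_RESPONSES = {
    "bad": {"action": "BAD_REQUEST", "responseContent": '{"error":"invalid_request"}'},
    "loc": {"action": "LOCATION", "responseContent": "https://client.example/cb?error=access_denied"},
    "int": {"action": "INTERACTION", "ticket": "TICKET-PLACEHOLDER", "client": {"clientName": "Demo <App>"}},
}

if __name__ == "__main__":
    for name, resp in SAMPLE_RESPONSES.items():
        print(name, handle_authorization_response(resp, {}).status)
```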