Ticket Parameter in Authorization Endpoint

Authlete's Authorization Endpoint APIs are backend APIs to implement an authorization endpoint. The APIs are comprised of two types of APIs:

API that understands authorization requests and provides information that will be required in the next step, such as end-user authentication, and
- /auth/authorization
API that issues tokens or codes, or returns errors
- /auth/authorization/fail, /auth/authorization/issue

These two APIs are linked using "ticket."

First, Authlete /auth/authorization API returns ticket in its response to authorization requests. Then, auth/authorization/issue or auth/authorization/fail API receives the ticket and process the authorization requests to issue tokens or codes or return errors.

Here is a couple of nature of the ticket.

A ticket will be expired in 24 hours. Expired tickets will be deleted from Authlete's database.
A ticket can only be used once. When auth/authorization/issue or auth/authorization/fail API receives and process a ticket, it will be removed from the database.

When you use a ticket that has already been used or expired, you will get an error code like below:

[A041202] There is no entity having the ticket specified in the /api/auth/authorization/issue request (ticket = {Ticket}).

Please note that tickets are designed to be used only between an authorization server and Authlete server; It must thus not be used between an authorization server and user agent, such as web browser, to manage sessions, for example.

How did we do with this article?

Authlete Knowledge Base (Beta)

Ticket Parameter in Authorization Endpoint

Free Trial

Looking for something?

<img src="https://assets.timelapsehc.com/uploads/site/logo/313/standard_authlete-logo-image-white-with-transparent-bg-256.png?v=1569902853" alt="Standard authlete logo image white with transparent bg 256" /> Authlete Knowledge Base (Beta)

Ticket Parameter in Authorization Endpoint

Free Trial

Looking for something?

Authlete Knowledge Base (Beta)