Authorize

This feature requires that Edlink cookies are enabled.

The authorization endpoint in OpenID Connect (OIDC) is used to initiate the authentication process. Clients (applications) redirect users to this endpoint to begin the process of obtaining an authorization code or tokens. Here’s how you can use the authorization_endpoint provided in the configuration.

Endpoint Details

In the provided configuration, the authorization endpoint is:

"authorization_endpoint": "https://ed.link/api/authentication/oidc/authorize"

Steps to Use the Authorization Endpoint

1. Prepare the Authorization Request URL

To use the authorization endpoint, you need to construct a URL with the necessary query parameters. Here’s a breakdown of the required parameters:

  • response_type: Specifies the type of response you want. Common values are code, token, or id_token.
  • client_id: The client identifier issued to the client during the registration process.
  • redirect_uri: The URI to which the response will be sent. This must match one of the pre-registered redirect URIs.
  • scope: The scopes requested. Common scopes include openid, profile, and email.
  • state: A random string to maintain state between the request and the callback, providing protection against cross-site request forgery attacks.

2. Construct the Authorization URL

Here is an example of how to construct the authorization URL:

const authorizationUrl = `https://ed.link/api/authentication/oidc/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&scope=openid%20profile%20email&state=RANDOM_STATE`;

Replace the placeholders with your actual values:

  • YOUR_CLIENT_ID: Your registered client ID.
  • YOUR_REDIRECT_URI: The URI to which the authorization response will be sent.
  • RANDOM_STATE: A securely generated random string.

3. Redirect the User

Redirect the user’s browser to the constructed authorization URL. This can be done using a simple HTTP redirect in your server-side code or by setting window.location in client-side JavaScript:

window.location.href = authorizationUrl;

4. Handle the Authorization Response

After the user successfully authenticates and authorizes your application, Edlink will redirect the user back to the redirect_uri you specified, including the authorization code or tokens in the query parameters.

For example, if you requested an authorization code, the response might look like this:

https://yourapp.com/callback?code=AUTHORIZATION_CODE&state=RANDOM_STATE

5. Exchange the Authorization Code for Tokens

On your server, handle the redirect by extracting the authorization code from the query parameters and exchanging it for tokens at the token endpoint. Here is an example in Node.js using the axios library:

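const axios = require('axios');

// Run this on your server only: client_secret must never reach the browser.
async function exchangeCodeForToken(code) {
    // axios serializes this object as the JSON body of the POST request.
    const tokenResponse = await axios.post('https://ed.link/api/authentication/oidc/token', {
        grant_type: 'authorization_code',
        code: code,
        // Must be the same redirect_uri that was sent in the authorization request.
        redirect_uri: 'YOUR_REDIRECT_URI',
        client_id: 'YOUR_CLIENT_ID',
        client_secret: 'YOUR_CLIENT_SECRET'
    });

    // The response body carries the tokens issued for this code.
    return tokenResponse.data;
}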

Replace YOUR_CLIENT_ID, YOUR_CLIENT_SECRET, and YOUR_REDIRECT_URI with your actual values.
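
The steps above describe state as protection against cross-site request forgery but do not show it being generated or checked. The following is an added example, not Edlink's own code: it generates state, builds the step 2 URL with each parameter encoded, and verifies state on the step 4 callback before the code is passed to exchangeCodeForToken. The function names and the idea of keeping state in the user's server-side session are assumptions.

```javascript
const crypto = require('crypto');

// Authorization endpoint as given on this page.
const AUTHORIZE_URL = 'https://ed.link/api/authentication/oidc/authorize';

// Steps 1-2: build the redirect URL and a fresh state value.
// Assumption: the caller stores `state` in the user's server-side session.
function buildAuthorizationRequest(clientId, redirectUri) {
    const state = crypto.randomBytes(32).toString('base64url'); // 256 bits, URL-safe
    const url = new URL(AUTHORIZE_URL);
    // URLSearchParams percent-encodes every value, including redirect_uri.
    url.search = new URLSearchParams({
        response_type: 'code',
        client_id: clientId,
        redirect_uri: redirectUri,
        scope: 'openid profile email',
        state
    }).toString();
    return { url: url.toString(), state };
}

// Compare two strings without leaking the position of the first mismatch.
function safeEqual(a, b) {
    const ha = crypto.createHash('sha256').update(a).digest();
    const hb = crypto.createHash('sha256').update(b).digest();
    return crypto.timingSafeEqual(ha, hb);
}

// Step 4: return the authorization code only if state matches the session value.
// Assumption: the caller deletes the stored state afterwards so it is single-use.
function handleCallback(callbackUrl, expectedState) {
    const params = new URL(callbackUrl).searchParams;
    const states = params.getAll('state');
    // Reject missing or duplicated state, and callbacks with no login in progress.
    if (!expectedState || states.length !== 1 || !safeEqual(states[0], expectedState)) {
        throw new Error('state mismatch: callback was not started by this session');
    }
    // Standard OAuth 2.0 error responses arrive as an `error` query parameter.
    if (params.has('error')) {
        throw new Error(`authorization failed: ${params.get('error')}`);
    }
    const codes = params.getAll('code');
    if (codes.length !== 1 || codes[0] === '') {
        throw new Error('callback did not contain exactly one authorization code');
    }
    return codes[0];
}
```

A callback that fails the state check should be dropped without calling the token endpoint, since the code in it may belong to a login the user never started.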

Example Flow

  1. User visits your application and clicks a "Login" button.
  2. Your application redirects the user to the authorization endpoint with the appropriate parameters.
  3. User authenticates with the SSO Provider (LMS/SIS) and grants consent.
  4. Edlink redirects the user back to your application with an authorization code.
  5. Your application exchanges the authorization code for tokens (access token, ID token) at the token endpoint.
  6. Your application uses the tokens to authenticate API requests and access user information.

Conclusion

Using the authorization endpoint involves constructing a URL with the necessary parameters, redirecting the user to that URL, handling the response, and exchanging the authorization code for tokens. By following these steps, you can successfully implement OIDC authentication in your application.