My company is in need of developing its own custom social connection and with that we are also implementing the necessary OAuth2 endpoints.
My question is what exactly are the Authorization URL and Token URL endpoints expected to take in and return?
Are they supposed to be GET or POST requests?
I have looked over this documentation but I am still unsure.
The user will be sent to the authorization URL, and it should be a GET call. The call is made to the authorization server (an OAuth 2.0 server). In Auth0 the call looks like this:
```
GET https://YOUR_DOMAIN/authorize?
  audience=API_IDENTIFIER&
  scope=SCOPE&
  response_type=code&
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://YOUR_APP/callback&
  state=STATE
```
The Token URL is used to get an Access Token for the API and it should be a POST to the token endpoint. When Auth0 is the authorization server, the call looks like POST https://YOUR_DOMAIN/oauth/token
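What a server implementing the two endpoints takes in and returns under the authorization code grant (RFC 6749), as an added example that is not part of the original posts and not Auth0 code. The client registration, the in-memory code store, sending the client secret in the form body, and skipping the user login and consent step are assumptions made to keep the sketch offline and short.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed client registration (hypothetical values).
CLIENTS = {"my-client": {"secret": "s3cret", "redirect_uri": "https://app.example/callback"}}
CODES = {}  # code -> (client_id, redirect_uri, expiry timestamp)


def authorize(url):
    """GET authorization URL -> (status, Location header or error text)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    client = CLIENTS.get(q.get("client_id"))
    # Never redirect to a redirect_uri that is not registered for the client.
    if client is None or q.get("redirect_uri") != client["redirect_uri"]:
        return 400, "invalid client_id or redirect_uri"
    if q.get("response_type") != "code":
        params = {"error": "unsupported_response_type"}
    else:
        # A real server authenticates the user and asks for consent here.
        code = secrets.token_urlsafe(32)
        CODES[code] = (q["client_id"], q["redirect_uri"], time.time() + 60)
        params = {"code": code}
    if "state" in q:
        params["state"] = q["state"]  # echoed unchanged so the client can match it
    return 302, client["redirect_uri"] + "?" + urlencode(params)


def token(form_body):
    """POST token URL, application/x-www-form-urlencoded body -> (status, JSON dict)."""
    f = {k: v[0] for k, v in parse_qs(form_body).items()}
    client = CLIENTS.get(f.get("client_id"))
    if client is None or not secrets.compare_digest(client["secret"], f.get("client_secret", "")):
        return 401, {"error": "invalid_client"}
    if f.get("grant_type") != "authorization_code":
        return 400, {"error": "unsupported_grant_type"}
    issued = CODES.pop(f.get("code"), None)  # codes are single use
    if (issued is None or issued[2] < time.time()
            or issued[:2] != (f["client_id"], f.get("redirect_uri"))):
        return 400, {"error": "invalid_grant"}
    # Sent as JSON with Cache-Control: no-store.
    return 200, {"access_token": secrets.token_urlsafe(32),
                 "token_type": "Bearer", "expires_in": 3600}
```
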