> ## Documentation Index
> Fetch the complete documentation index at: https://developer.fabric.inc/llms.txt
> Use this file to discover all available pages before exploring further.

# Authorize user apps with and without PKCE

> Use this endpoint to authenticate user apps using fabric Identity. When calling this endpoint, the immediate response will be a browser redirect to the hosted Login page configured in fabric Identity. After successful authentication of the user on the hosted Login page, fabric Identity will redirect back to the user app using the provided `redirect_uri`. This endpoint supports both authorization code flow with and without Proof of Code Exchange (PKCE). <br /> **Note**: This endpoint isn't required for system app authentication (refer to `/token` endpoint instead)



## OpenAPI

````yaml authentication_v3 get /oauth2/default/v1/authorize
openapi: 3.0.0
info:
  description: >-
    fabric **Identity** API is designed to be used by all third-party developers
    for the purpose of authenticating and obtaining access tokens. These tokens
    are essential for building e-commerce solutions that seamlessly integrate
    with fabric services such as Orders, Offers, among others.
  version: 2.0.0
  termsOfService: https://fabric.inc/terms-of-use
  title: Authentication v3
  contact:
    email: support@fabric.inc
  license:
    name: fabric API License
    url: https://fabric.inc/api-license
servers:
  - url: https://{customer_name}.login.fabric.inc
    description: Production
    variables:
      customer_name:
        default: yourcompany
        description: The customer name as provided by the Support team
security: []
tags:
  - name: Authentication Endpoints
    description: >-
      These endpoints allow apps to authenticate themselves or their end users
      using fabric Identity. The main objective of these endpoints is to provide
      access tokens to applications, allowing them to invoke other fabric
      services such as Orders, Product Catalog, and more.
externalDocs:
  description: Find out more about Identity
  url: https://developer.fabric.inc/reference/identity-developer-guide-intro
paths:
  /oauth2/default/v1/authorize:
    get:
      tags:
        - Authentication Endpoints
      summary: Authorize user app with and without PKCE
      description: >-
        Use this endpoint to authenticate a user app using fabric Identity. When
        calling this endpoint, the immediate response will be a browser redirect
        to the hosted Login page configured in fabric Identity. After successful
        authentication of the user on the hosted Login page, fabric Identity
        will redirect back to the user app using the provided `redirect_uri`.
        This endpoint supports both authorization code flow with and without
        Proof of Code Exchange (PKCE). <p> **Note**: This endpoint isn't
        required for system app authentication (refer to `/token` endpoint
        instead).</p>
      operationId: authorizeUserApp
      parameters:
        - in: query
          name: client_id
          description: Client ID of the user app
          required: true
          example: 0oa3asajdykUunEjL697
          schema:
            type: string
        - in: query
          name: response_type
          description: >-
            Type of the response expected. This should always be set to `code`
            (as per OAuth 2.0 grant type, refer to
            https://datatracker.ietf.org/doc/html/rfc6749#page-19) for
            additional info.
          required: true
          example: code
          schema:
            type: string
        - in: query
          name: scope
          description: >-
            Scope of the endpoint call. This should always be set to `openid`
            (as per OpenID Connect standard. Refer to
            https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
            for additional info)
          required: true
          example: openid
          schema:
            type: string
        - in: query
          name: redirect_uri
          description: >-
            Redirect URI of the user app is where fabric Identity will redirect
            the user upon successful login. This URI should be hosted by the
            user app. As part of the redirect, you will receive the auth code
            (as `code` query parameter) which can then be exchanged for the
            access token (refer to `/token`).
          required: true
          example: http://localhost:8080
          schema:
            type: string
        - in: query
          name: state
          description: >-
            Random string created by the user app. It's used to maintain state
            between the request and the callback. The `state` helps mitigate
            Cross-Site Request Forgery (CSRF) when it's cryptographically
            derived from a browser cookie that signifies the user or session.
          required: true
          example: Jvpg3kcl6LL5irKlFZJWSwVTEuV1IB9aOfRdgAkDo0rcE8M5NFFS8Y4f6z6OSTXY
          schema:
            type: string
        - in: query
          name: code_challenge_method
          description: >-
            Required only when using authorization code flow with PKCE. A code
            challenge method supported by PKCE specification. fabric Identity
            only supports the value of `S256` (Refer to
            https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 for
            additional info). This parameter is mandatory for authorization code
            flow with PKCE and isn't required for the regular authorization code
            flow.
          required: false
          example: S256
          schema:
            type: string
        - in: query
          name: code_challenge
          description: >-
            Required only when using authorization code flow with PKCE. The code
            challenge created by the user app as per the specification on PKCE -
            https://datatracker.ietf.org/doc/html/rfc7636#section-4.2.
          required: true
          example: xwVkMxyOHaY7f0yXb8pajRSMa2D1wMTrPuuIohH2PyA
          schema:
            type: string
      responses:
        '302':
          description: >-
            Found. A successful response to this endpoint will re-direct the
            user to the hosted Login page provided by the fabric Identity. Once
            the user successfully logs in, fabric Identity would re-direct the
            client back to the `redirect_uri` hosted on the user app with the
            authorization code (as query parameter `code`) and the state (as
            query parameter `state`). The `state` parameter in the callback
            would be the same value as sent in the request.

````