Authorization URL
The authorization endpoint is where your application redirects users to begin the authentication process. Scalekit powers this endpoint and handles redirecting users to the appropriate identity provider.
https://SCALEKIT_ENVIRONMENT_URL/oauth/authorize? response_type=code& client_id=skc_1234& scope=openid%20profile& redirect_uri=https%3A%2F%2Fyoursaas.com%2Fcallback& organization_id=org_1243412& state=aHR0cHM6Ly95b3Vyc2Fhcy5jb20vZGVlcGxpbms%3D
Parameters
Section titled “Parameters”Parameter | Requirement | Description |
---|---|---|
client_id | Required | Your unique client identifier from the API credentials page |
nonce | Optional | Random value for replay protection |
organization_id | Required* | Identifier for the organization initiating SSO |
connection_id | Required* | Identifier for the specific SSO connection |
domain | Required* | Domain portion of email addresses configured for an organization |
provider | Required* | Social login provider name. Supported providers: google , microsoft , github , gitlab , linkedin , salesforce |
response_type | Required | Must be set to code |
redirect_uri | Required | URL where Scalekit sends the response. Must match an authorized redirect URI |
scope | Required | Must be set to openid email profile |
state | Optional | Opaque string for request-response correlation |
login_hint | Optional | User’s email address for prefilling the login form |
* You must provide one of organization_id
, connection_id
, domain
, or provider
.
SDK usage
Section titled “SDK usage”Use Scalekit SDKs to generate authorization URLs programmatically. This approach handles parameter encoding and validation automatically.
import { ScalekitClient } from '@scalekit-sdk/node';
const scalekit = new ScalekitClient( 'https://your-subdomain.scalekit.dev', '<SCALEKIT_CLIENT_ID>', '<SCALEKIT_CLIENT_SECRET>');
const options = { loginHint: 'user@example.com', organizationId: 'org_123235245',};
const authorizationURL = scalekit.getAuthorizationUrl(redirectUri, options);// Example generated URL:// https://your-subdomain.scalekit.dev/oauth/authorize?response_type=code&client_id=skc_1234&scope=openid%20profile&redirect_uri=https%3A%2F%2Fyoursaas.com%2Fcallback&organization_id=org_123235245&login_hint=user%40example.com&state=abc123
from scalekit import ScalekitClient, AuthorizationUrlOptions
scalekit = ScalekitClient( 'https://your-subdomain.scalekit.dev', '<SCALEKIT_CLIENT_ID>', '<SCALEKIT_CLIENT_SECRET>')
options = AuthorizationUrlOptions( organization_id="org_12345", login_hint="user@example.com",)
authorization_url = scalekit.get_authorization_url( redirect_uri, options)# Example generated URL:# https://your-subdomain.scalekit.dev/oauth/authorize?response_type=code&client_id=skc_1234&scope=openid%20profile&redirect_uri=https%3A%2F%2Fyoursaas.com%2Fcallback&organization_id=org_12345&login_hint=user%40example.com&state=abc123
import ( "github.com/scalekit/scalekit-sdk-go")
func main() { scalekitClient := scalekit.NewScalekitClient( "https://your-subdomain.scalekit.dev", "<SCALEKIT_CLIENT_ID>", "<SCALEKIT_CLIENT_SECRET>" )
options := scalekitClient.AuthorizationUrlOptions{ OrganizationId: "org_12345", LoginHint: "user@example.com", }
authorizationURL := scalekitClient.GetAuthorizationUrl( redirectUrl, options, ) // Example generated URL: // https://your-subdomain.scalekit.dev/oauth/authorize?response_type=code&client_id=skc_1234&scope=openid%20profile&redirect_uri=https%3A%2F%2Fyoursaas.com%2Fcallback&organization_id=org_12345&login_hint=user%40example.com&state=abc123}
package com.scalekit;
import com.scalekit.ScalekitClient;import com.scalekit.internal.http.AuthorizationUrlOptions;
public class Main { public static void main(String[] args) { ScalekitClient scalekitClient = new ScalekitClient( "https://your-subdomain.scalekit.dev", "<SCALEKIT_CLIENT_ID>", "<SCALEKIT_CLIENT_SECRET>" ); AuthorizationUrlOptions options = new AuthorizationUrlOptions(); // Option 1: Authorization URL with the organization ID options.setOrganizationId("org_13388706786312310"); // Option 2: Authorization URL with the connection ID options.setConnectionId("con_13388706786312310"); // Option 3: Authorization URL with login hint options.setLoginHint("user@example.com");
try { String url = scalekitClient.authentication().getAuthorizationUrl(redirectUrl, options).toString(); // Example generated URL: // https://your-subdomain.scalekit.dev/oauth/authorize?response_type=code&client_id=skc_1234&scope=openid%20profile&redirect_uri=https%3A%2F%2Fyoursaas.com%2Fcallback&organization_id=org_13388706786312310&connection_id=con_13388706786312310&login_hint=user%40example.com&state=abc123 } catch (Exception e) { System.out.println(e.getMessage()); } }}
Parameter precedence
Section titled “Parameter precedence”When you provide multiple connection parameters, Scalekit follows a specific precedence order to determine which identity provider to use:
-
provider
(highest precedence): If present, Scalekit ignores all other connection parameters and directs users to the specified social login provider. For example,provider=google
redirects users to Google’s login screen. See Social Login for more details. -
connection_id
: Takes highest precedence among enterprise SSO parameters. Scalekit uses this specific connection if you provide a valid connection ID. If the connection ID is invalid, the authorization request fails. -
organization_id
: Scalekit uses this parameter when no validconnection_id
is provided. It selects the SSO connection configured for the specified organization. -
domain
: Scalekit uses this parameter when neitherconnection_id
nororganization_id
are provided. It selects the SSO connection configured for the specified domain. -
login_hint
(lowest precedence): Scalekit extracts the domain portion from the email address and uses the corresponding SSO connection mapped to that organization.