Authorization URL

Authorization URL is the first step in the Single Sign-on flow where you will redirect the user to Scalekit to authenticate the user with the appropriate Identity Provider.

Your application constructs a URL with specific parameters that tell the authorization server(in this case: Scalekit) what the app is requesting. This URL looks like:

https://b2b-app.scalekit.dev/oauth/authorize?
    response_type=code&
    client_id=skc_1234&
    scope=openid%20profile&
    redirect_uri=https%3A%2F%2Fyoursaas.com%2Fcallback&
    organization_id=org_1243412&
    state=aHR0cHM6Ly95b3Vyc2Fhcy5jb20vZGVlcGxpbms%3D

Parameters

Parameter	Requirement	Description
client_id	Required	Unique identifier obtained from the API Credentials page
nonce	Optional	Random value for replay protection
organization_id	Required*	Identifier for the organization initiating SSO
connection_id	Required*	Identifier for the specific SSO connection
domain	Required*	Domain part of the email address configured for an organization
provider	Required*	Unique provider name for Social Login. Currently, we support the following providers: google, microsoft, github, gitlab, linkedin, salesforce
response_type	Required	Must be set to code
redirect_uri	Required	URL where the response is sent, must match an authorized value
scope	Required	Must be set to openid email profile
state	Optional	Opaque string for request-response correlation
login_hint	Optional	Email address of the user for authentication hint

* One of organization_id, connection_id, domain, or provider must be provided.

Usage Notes

1. The redirect_uri must exactly match one of the authorized redirect values set in the API Credentials page.
2. The state parameter is recommended for security purposes, including protection against cross-site request forgery.
3. The login_hint can be used to prefill login information at the identity provider.

SDK Usage

Node.js

import { ScalekitClient } from '@scalekit-sdk/node';

const scalekit = new ScalekitClient(
  '<SCALEKIT_ENVIRONMENT_URL>',
  '<SCALEKIT_CLIENT_ID>',
  '<SCALEKIT_CLIENT_SECRET>',
);

const options = {
  loginHint: 'user@example.com',
  organizationId: 'org_123235245',
};

const authorizationURL = scalekit.getAuthorizationUrl(
  redirectUri,
  options,
);

Python

from scalekit import ScalekitClient, AuthorizationUrlOptions

scalekit = ScalekitClient(
  '<SCALEKIT_ENVIRONMENT_URL>',
  '<SCALEKIT_CLIENT_ID>',
  '<SCALEKIT_CLIENT_SECRET>'
)

options = AuthorizationUrlOptions(
  organization_id="org_12345",
  login_hint="user@example.com",
)

authorization_url = scalekit.get_authorization_url(
  redirect_uri,
  options
)

Go

import (
  "github.com/scalekit/scalekit-sdk-go"
)

func main() {
  scalekitClient := scalekit.NewScalekitClient(
    "<SCALEKIT_ENVIRONMENT_URL>",
    "<SCALEKIT_CLIENT_ID>",
    "<SCALEKIT_CLIENT_SECRET>"
  )

  options := scalekitClient.AuthorizationUrlOptions{
    OrganizationId: "org_12345",
    LoginHint: "user@example.com",
  }

  authorizationURL := scalekitClient.GetAuthorizationUrl(
    redirectUrl,
    options,
  )
}

Java

package com.scalekit;

import com.scalekit.ScalekitClient;
import com.scalekit.internal.http.AuthorizationUrlOptions;

public class Main {

  public static void main(String[] args) {
    ScalekitClient scalekitClient = new ScalekitClient(
      "<SCALEKIT_ENVIRONMENT_URL>",
      "<SCALEKIT_CLIENT_ID>",
      "<SCALEKIT_CLIENT_SECRET>"
    );
    AuthorizationUrlOptions options = new AuthorizationUrlOptions();
    // Option 1: Authorization URL with the organization ID
    options.setOrganizationId("org_13388706786312310");
    // Option 2: Authorization URL with the connection ID
    options.setConnectionId("con_13388706786312310");
    // Option 3: Authorization URL with login hint
    options.setLoginHint("user@example.com");

    try {
      String url = scalekitClient
        .authentication()
        .getAuthorizationUrl(redirectUrl, options)
        .toString();
    } catch (Exception e) {
      System.out.println(e.getMessage());
    }
  }
}