Skip to main content
GET
https://sandbox.connect.hopae.com
/
auth
GET https://sandbox.connect.hopae.com/auth?client_id=CLIENT_ID&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback&response_type=code&scope=openid%20profile&state=rf9Xy1&code_challenge=AbCdEf...&code_challenge_method=S256

HTTP/1.1 302 Found
Location: https://app.example.com/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=rf9Xy1
Initiate user authentication by redirecting the browser to Hopae Connect’s /auth endpoint.

Query Parameters

client_id
string
required
Your application’s OIDC client identifier.
redirect_uri
string
required
Exact match to a pre‑registered redirect URI for your client.
response_type
string
default:"code"
required
Must be code.
scope
string
default:"openid idv"
required
Space‑delimited scopes. Must include openid idv. Supported: openid, idv.
code_challenge
string
PKCE code challenge (recommended for public clients).
code_challenge_method
string
default:"S256"
Must be S256 when code_challenge is present.
nonce
string
Recommended to bind the ID Token to a client session.
acr_values
string
Request a minimum Level of Assurance. Format: loa:{level} where level is 1–5. See Level of Assurance for details.

Behavior

  • If successful, responds with 302 Found to your redirect_uri with code and state query params.
  • On failure, redirects with error and error_description (and state if provided).

Examples

GET https://sandbox.connect.hopae.com/auth?client_id=CLIENT_ID&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback&response_type=code&scope=openid%20profile&state=rf9Xy1&code_challenge=AbCdEf...&code_challenge_method=S256

HTTP/1.1 302 Found
Location: https://app.example.com/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=rf9Xy1

HTTP/1.1 302 Found
Location: https://app.example.com/callback?error=access_denied&error_description=User%20cancelled%20login&state=rf9Xy1