User login with the hosted screens is one of the most straightforward workflows when working on your Next Identity Hosted Journeys integration.
In this journey, the user will be presented with an input screen asking for a primary identifier (email address or mobile phone number, depending on your specific configuration) and will be asked to input a password if applicable.
This flow begins with your application directing users to the hosted
When the end user requests Next Identity Journeys via the
/authorize endpoint, the hosted screen will not present the registration screen if the user already has an active session in the browser. Instead, the end user will be immediately redirected back to the application with an authorization code.
If the end user does not have an existing browser-based session, the login screen will be displayed. On this login screen, if your application has been configured to allow self-registration, the user will be shown the option to create a new account.
The login request consists of the base domain + the endpoint (
/authorize) + parameters. Available parameters are listed below the example.
https://id.eu.nextreason.com/ authorize? redirect_uri=https%3A%2F%2Fappauth-js.dev.nextreason.cloud%2Fapp%2Fredirect.html &client_id=pnxf3up7tae8mbhzb9dbpbcmfbx32qjp &response_type=code &state=SWMsxiZSaa &scope=openid &prompt=consent &nonce=ztUpfEKkX7HcpASapzJDSFsBoFBbvRkNdDGEVj5TDrG58e7MwS &ui_locales=en-US &code_challenge=Pr5KkBc1CqsjVH5Izsx-CXu1HEOrtNLBPJU20-MMGWw &code_challenge_method=S256
The following parameters must be included on every
|Configures the URL the user is redirected after a successful authentication.|
Important note: this URL must be included in the safe list configuration. Contact your Next Reason integration consultant to add URLs to this list.
|The ID used to authenticate the API call. This client ID is tied to your specific configurations and rules. Contact your Next Reason integration consultant if you do not know your client ID.|
|Value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints. The only acceptable parameter is: |
Typically for applications, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. This value is required on every call, but the hosted service does not use this value in any way, it is solely for use by the application.
Doing so, the application can check and evaluate the value of the state parameter if it is correct or meets a specified criteria then perform expected actions or user journeys on the application-side.
|OpenID Connect requests must contain the OpenID |
The following parameters are optional.
|Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are:|
The Authorization Server must not display any authentication or consent user interface pages. An error is returned if an user is not already authenticated or the client does not have pre-configured consent for the requested claims or does not fulfill other conditions for processing the request. This can be used as a method to check for existing authentication and/or consent.
The Authorization Server should prompt the user for reauthentication. If it cannot reauthenticate the user, it must return an error, typically
|String value used to associate a client session with an ID token and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient entropy must be present in the |
|Set the language to be displayed in the screen. Session cookie will save the locale setting sent for the first time, if this parameter is not present the latest language saved will be used to display the screen. It allows multiple locales and in case there's no configuration for the first one, it searches for the second one and so on.|
See Localization for list of supported locales and the accepted values.
The default country flag during mobile login or change mobile number will be based on the
|Used in PKCE protocol.|
|Used in PKCE protocol.|
|If this parameter value is passed with the call to the |