GET /oauth/auz/grants/{GrantID}/auzcomplete

Completes the process of authentication and authorization. Changes the grant status to Active or Rejected based on the authorization action, removes the temporary cookie that was in use during provisioning, and returns the resource owner to the redirect URI along with additional information such as the state parameter and the code, token, or id token.

This operation redirects the user back to the application, along with additional information such as authorization code, access token, or ID token:

  • Authorization code grant type: returns authorization code
  • Implicit grant type: returns access token.
  • OpenID Connect request: what is returned is determined by the values provided in the response_type parameter. If the response_type includes id_token, this operation sends the ID token, and so on.

The response also includes the state parameter. The request for resource owner authorization includes redirect uri and state parameter; these two are used when sending the user back to the application, along with the authorization code, access token or id token, depending on the value in the response_type parameter of the request.

Authorization Roles/Permissions: Must be the resource owner.

This topic includes the following sections:

HTTP Method




Sample Request

The example below shows a redirect request. Grant provisioning is complete, and the GrantID is returned in the URL.

Sample Request URL


Sample request headers

GET /oauth/auz/grants/hc3rl7hhhcfj/auzcomplete HTTP/1.1
Host: {oauth-provider-hostname}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Sample request body

Not applicable.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept text/xml

Request Parameters

Parameter Parm Type Data Type Required Description
GrantID Path string Required The unique ID for a specific instance of an OAuth grant.


If successful:

  • The user is redirected to the redirect URL configured for the app.
  • The temporary cookie is removed.

The response can contain id token, code, token, or a combination, based on the response_type value specified. These elements can be added as query parameters to the Redirect URL, or sent as fragment parameters, or sent to the redirect URL using HTTP POST, based on the response mode chosen.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers


Sample response body


Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type text/xml

Response Body

No response content. The result of this operation is that the user is redirected to the client's Redirect URI and the temporary cookie is removed.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
200 The resource owner or authorization server rejected the request; access_denied.
500 Invalid grant ID.
500 An error occurred processing the call.

More information about Akana OAuth API error messages.