/oauth/authorize endpoint, this endpoint:
- Requires an existing access token (Bearer authentication)
- Does NOT send a passwordless email
- Immediately returns an authorization code
- Is designed for cross-domain authentication transfers
Use Cases
This endpoint is primarily designed for:
- Cross-domain authentication (e.g., rewards.thanx.com → order.thanx.com)
- Single sign-on flows where the user is already authenticated
- Mobile app to web transitions
Security Considerations
- Codes expire in 10 minutes
- Codes are single-use only
- Requires valid access token for the target user
- redirect_uri must be whitelisted for your integration
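The checks listed above, modelled as an added example; this is not Thanx's implementation or code from this documentation. The class and method names, the user id and the callback path are hypothetical, and the caller is assumed to have already verified the Bearer access token for the target user.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # 10 minutes, as stated on the page


class CodeStore:
    """Hypothetical in-memory model of authorization code issuance and redemption."""

    def __init__(self, allowed_redirect_uris, clock=time.time):
        self._allowed = set(allowed_redirect_uris)  # exact-match whitelist
        self._codes = {}  # code -> (user_id, redirect_uri, expires_at)
        self._clock = clock

    def issue(self, user_id, redirect_uri):
        # Exact string membership only: prefix or substring matching would
        # let a look-alike URI pass the whitelist.
        if redirect_uri not in self._allowed:
            raise ValueError("redirect_uri is not whitelisted")
        code = secrets.token_urlsafe(32)
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._codes[code] = (user_id, redirect_uri, expires_at)
        return code, CODE_TTL_SECONDS

    def redeem(self, code, redirect_uri):
        # pop() enforces single use: a replay finds nothing, and a failed
        # attempt burns the code as well.
        entry = self._codes.pop(code, None)
        if entry is None:
            return None
        user_id, bound_uri, expires_at = entry
        if self._clock() >= expires_at:
            return None  # expired
        # The code is only valid for the redirect_uri it was issued for.
        if not hmac.compare_digest(bound_uri.encode(), redirect_uri.encode()):
            return None
        return user_id


if __name__ == "__main__":
    uri = "https://order.thanx.com/callback"  # constructed sample value
    store = CodeStore({uri})
    code, ttl = store.issue("user-123", uri)
    print(store.redeem(code, uri))  # first redemption
    print(store.redeem(code, uri))  # replay of the same code
```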
Request
OAuth Client ID (same as your application’s OAuth credentials)
Where the authorization code should be valid for redemption. Must be whitelisted.
Must be code
Must be passwordless
Response
The authorization code that can be exchanged for an access token
Code expiration time in seconds (typically 600 = 10 minutes)
Echo of the redirect URI for validation