# Authorize

The starting point for browser-based OpenID Connect flows. This endpoint authenticates the user and returns an authorization grant or an access token to callback endpoint at the specified .


Endpoint: GET /realms/{realm}/protocol/openid-connect/auth
Version: 2.0

## Path parameters:

  - `realm` (string, required)
    The authentication realm.
    Enum: "dev1", "qa1", "qa2", "qa3", "qa4", "qa5", "integration", "tidepool"

## Query parameters:

  - `client_id` (string, required)
    Client Identifier valid at the Authorization Server

  - `scope` (array, required)
    OpenID Connect requests MUST contain the  scope value
    Enum: "openid", "email"

  - `response_type` (string, required)
    Response Type value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints used. When using the Authorization Code Flow, this value is .
    Enum: "code"

  - `redirect_uri` (string, required)
    Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider

  - `login_hint` (string)
    Hint to the Authorization Server about the login identifier the End-User might use to log in

  - `kc_idp_hint` (string)
    OIDC applications can bypass the login page by hinting at the identity provider they want to use

  - `prompt` (string)
    Specifies whether the Authorization Server prompts the End-User for reauthentication and consent
    Enum: "none", "login"