--- descriptions: get_authorization_url: response_type: > The only valid option for the response type parameter is `"code"`. The `"code"` parameter value initiates an [authorization code grant type](https://tools.ietf.org/html/rfc6749#section-4.1). This grant type allows you to exchange an authorization code for an access token during the redirect that takes place after a user has authenticated with an identity provider. redirect_uri: >- Where to redirect the user after they complete the authentication process. You must use one of the redirect URIs configured via the [Redirects](https://dashboard.workos.com/redirects) page on the dashboard. connection: > Used to initiate SSO for a connection. The value should be a WorkOS connection ID. You can persist the WorkOS connection ID with application user or team identifiers. WorkOS will use the connection indicated by the connection parameter to direct the user to the corresponding IdP for authentication. organization: > Used to initiate SSO for an organization. The value should be a WorkOS organization ID. You can persist the WorkOS organization ID with application user or team identifiers. WorkOS will use the organization ID to determine the appropriate connection and the IdP to direct the user to for authentication. provider: > Used to initiate OAuth authentication with Google, Microsoft, GitHub, or Apple. state: > An optional parameter that can be used to encode arbitrary information to help restore application state between redirects. If included, the redirect URI received from WorkOS will contain the exact `state` that was passed. login_hint: > Can be used to pre-fill the username/email address field of the IdP sign-in page for the user, if you know their username ahead of time. Currently, this parameter is supported for OAuth, OpenID Connect, Okta, and Entra ID connections. domain_hint: > Can be used to pre-fill the domain field when initiating authentication with Microsoft OAuth or with a Google SAML connection type. provider_scopes: > Additional OAuth scopes to request from the identity provider. Only applicable when using OAuth connections. provider_query_params: > Key/value pairs of query parameters to pass to the OAuth provider. Only applicable when using OAuth connections. url: An OAuth 2.0 authorization URL. reference: curl: - url: /reference/sso/get-authorization-url key: get_authorization_url id: get_authorization_url title: /sso/authorize type: GET properties: - key: response_type type: '"code"' description: (get_authorization_url.response_type) - key: client_id type: string description: (client_id) - key: redirect_uri type: string description: (get_authorization_url.redirect_uri) - key: connection optional: true type: string description: (get_authorization_url.connection) - key: organization optional: true type: string description: (get_authorization_url.organization) - key: provider optional: true type: '"AppleOAuth" | "GitHubOAuth" | "GoogleOAuth" | "MicrosoftOAuth"' description: (get_authorization_url.provider) - key: state optional: true type: string description: (get_authorization_url.state) - key: login_hint optional: true type: string description: (get_authorization_url.login_hint) - key: domain_hint optional: true type: string description: (get_authorization_url.domain_hint) - key: provider_scopes optional: true type: string description: (get_authorization_url.provider_scopes) - key: provider_query_params optional: true type: object description: (get_authorization_url.provider_query_params) returns: - key: url type: string description: (get_authorization_url.url) dotnet: - url: /reference/sso/get-authorization-url key: GetAuthorizationURL patternBefore: ssoService. id: get_authorization_url title: ssoService.GetAuthorizationURL() parameters: - key: options type: GetAuthorizationURLOptions expanded: true properties: - key: ResponseType type: '"code"' description: (get_authorization_url.response_type) - key: ClientId type: string description: (client_id) - key: RedirectURI type: string description: (get_authorization_url.redirect_uri) - key: Connection optional: true type: string description: (get_authorization_url.connection) - key: Organization optional: true type: string description: (get_authorization_url.organization) - key: Provider optional: true type: ProviderType description: (get_authorization_url.provider) - key: State optional: true type: string description: (get_authorization_url.state) - key: LoginHint optional: true type: string description: (get_authorization_url.login_hint) - key: DomainHint optional: true type: string description: (get_authorization_url.domain_hint) returns: - key: url type: string description: (get_authorization_url.url) java: - url: /reference/sso/get-authorization-url key: getAuthorizationUrl patternBefore: sso. id: get_authorization_url title: sso.getAuthorizationUrl() parameters: - key: clientId type: String - key: redirectUri type: String returns: - key: builder type: AuthorizationUrlOptionsBuilder expanded: true properties: - key: 'connection(value: String)' description: (get_authorization_url.connection) - key: 'organization(value: String)' description: (get_authorization_url.organization) - key: 'provider(value: String)' description: (get_authorization_url.provider) - key: 'state(value: String)' description: (get_authorization_url.state) - key: 'domainHint(value: String)' description: (get_authorization_url.domain_hint) - key: 'loginHint(value: String)' description: (get_authorization_url.login_hint) - key: build() type: String description: Performs the request and returns an OAuth 2.0 authorization URL. ruby: - url: /reference/sso/get-authorization-url key: authorization_url patternBefore: SSO. id: get_authorization_url title: SSO.authorization_url() parameters: - key: redirect_uri type: String description: (get_authorization_url.redirect_uri) - key: client_id type: String description: (client_id) - key: connection optional: true type: String description: (get_authorization_url.connection) - key: organization optional: true type: String description: (get_authorization_url.organization) - key: provider optional: true type: '"AppleOAuth" | "GitHubOAuth" | "GoogleOAuth" | "MicrosoftOAuth"' description: (get_authorization_url.provider) - key: state optional: true type: String description: (get_authorization_url.state) - key: login_hint optional: true type: String description: (get_authorization_url.login_hint) - key: domain_hint optional: true type: String description: (get_authorization_url.domain_hint) returns: - key: url type: String description: (get_authorization_url.url) php: - url: /reference/sso/get-authorization-url key: getAuthorizationUrl patternBefore: sso-> id: get_authorization_url title: $sso->getAuthorizationUrl() parameters: - key: redirectUri type: string description: (get_authorization_url.redirect_uri) - key: connection optional: true type: string description: (get_authorization_url.connection) - key: organization optional: true type: string description: (get_authorization_url.organization) - key: provider optional: true type: '"AppleOAuth" | "GitHubOAuth" | "GoogleOAuth" | "MicrosoftOAuth"' description: (get_authorization_url.provider) - key: state optional: true type: string description: (get_authorization_url.state) - key: loginHint optional: true type: string description: (get_authorization_url.login_hint) - key: domainHint optional: true type: string description: (get_authorization_url.domain_hint) returns: - key: url type: string description: (get_authorization_url.url) python: - url: /reference/sso/get-authorization-url key: get_authorization_url patternBefore: sso. id: get_authorization_url title: sso.get_authorization_url() parameters: - key: redirect_uri type: str description: (get_authorization_url.redirect_uri) - key: connection_id optional: true type: str description: (get_authorization_url.connection) - key: organization_id optional: true type: str description: (get_authorization_url.organization) - key: provider optional: true type: SsoProviderType description: (get_authorization_url.provider) - key: state optional: true type: str description: (get_authorization_url.state) - key: login_hint optional: true type: str description: (get_authorization_url.login_hint) - key: domain_hint optional: true type: str description: (get_authorization_url.domain_hint) returns: - key: url type: str description: (get_authorization_url.url) js: - url: /reference/sso/get-authorization-url key: getAuthorizationUrl patternBefore: sso. id: get_authorization_url title: sso.getAuthorizationUrl() parameters: - key: options type: object unwrap: true properties: - key: redirectUri type: string description: (get_authorization_url.redirect_uri) - key: clientId type: string description: (client_id) - key: connection optional: true type: string description: (get_authorization_url.connection) - key: organization optional: true type: string description: (get_authorization_url.organization) - key: provider optional: true type: '"AppleOAuth" | "GitHubOAuth" | "GoogleOAuth" | "MicrosoftOAuth"' description: (get_authorization_url.provider) - key: state optional: true type: string description: (get_authorization_url.state) - key: loginHint optional: true type: string description: (get_authorization_url.login_hint) - key: domainHint optional: true type: string description: (get_authorization_url.domain_hint) - key: providerScopes optional: true type: string description: (get_authorization_url.provider_scopes) - key: providerQueryParams optional: true type: object description: (get_authorization_url.provider_query_params) returns: - key: url type: string description: (get_authorization_url.url) go: - url: /reference/sso/get-authorization-url patternBefore: sso. key: GetAuthorizationURL id: get_authorization_url title: sso.GetAuthorizationURL() parameters: - key: opts type: sso.GetAuthorizationURLOpts expanded: true properties: - key: RedirectURI type: string description: (get_authorization_url.redirect_uri) - key: Connection optional: true type: string description: (get_authorization_url.connection) - key: Organization optional: true type: string description: (get_authorization_url.organization) - key: Provider optional: true type: sso.ConnectionType description: (get_authorization_url.provider) - key: State optional: true type: string description: (get_authorization_url.state) - key: LoginHint optional: true type: string description: (get_authorization_url.login_hint) - key: DomainHint optional: true type: string description: (get_authorization_url.domain_hint) returns: - key: url type: url.URL description: (get_authorization_url.url) - (err) - url: /reference/sso/get-authorization-url key: Login id: go_login title: sso.Login() parameters: - key: opts type: sso.GetAuthorizationURLOpts expanded: true properties: - key: RedirectURI type: string description: (get_authorization_url.redirect_uri) - key: Connection optional: true type: string description: (get_authorization_url.connection) - key: Organization optional: true type: string description: (get_authorization_url.organization) - key: Provider optional: true type: sso.ConnectionType description: (get_authorization_url.provider) - key: State optional: true type: string description: (get_authorization_url.state) - key: LoginHint optional: true type: string description: (get_authorization_url.login_hint) - key: DomainHint optional: true type: string description: (get_authorization_url.domain_hint) returns: - key: handler type: http.Handler originalPath: >- .tmp-workos-clone/packages/docs/content/reference/sso/get-authorization-url/index.mdx --- # Get an authorization URL Generates an OAuth 2.0 authorization URL to authenticate a user with SSO. You’ll have to specify the user’s connection, organization, or OAuth provider as a parameter. These connection selectors are mutually exclusive, and exactly one must be provided. The generated URL automatically directs the user to their identity provider. Once the user authenticates with their identity provider, WorkOS then issues a redirect to your redirect URI to complete the sign-in flow.