Skip to main content

Create AgeKey Authorization

The Create AgeKey authorization endpoint initiates the AgeKey creation flow for users. Your application should redirect the user's browser to this endpoint with the pre-generated PAR request_uri to start the AgeKey creation process.

OAuth 2.0 Specification

This endpoint implements the OAuth 2.0 Authorization Endpoint with Pushed Authorization Request (PAR) support by using the returned request_uri parameter.

Authorization endpoint

curl -X GET "https://api.agekey.org/v1/oidc/create" \
  -G \
  -d "scope=openid" \
  -d "response_type=none" \
  -d "client_id=your-client-id" \
  -d "redirect_uri=https://yourapp.com/agekey/create-callback" \
  -d "request_uri=urn:agekey:request:AjcP1Yt7Np0"

Parameters

ParameterTypeRequiredDescription
scopestringYesAlways set to openid
response_typestringYesAlways set to none
client_idstringYesYour AgeKey client ID
redirect_uristringYesSame URI used in PAR request
request_uristringYesThe Request URI from PAR response
languagestringNoOptional IETF BCP 47 language tag (for example en-US, pt-BR) to set the AgeKey UI language for this redirect. When omitted, the UI follows the visitor's browser language preferences.

Response

On success, users are redirected to your redirect_uri:

https://yourapp.com/agekey/create-callback?state=abc123xyz789
note

Unlike the Use AgeKey flow, no id_token is returned. Success is indicated by the absence of an error parameter.