Log in.

Select the provider to use.



Prompt

Space delimited, case sensitive list of the below values. Determines how PixelPin should handle the login

  • default - Use the prompt value defined in the provider's config (usually empty)
  • {EMPTY STRING} - PixelPin SHOULD prompt the user for authentication if they are not already authenticated and SHOULD prompt the user for consent if they have not already consented.
  • none - PixelPin MUST NOT display any authentication or consent pages. An error is returned if the user is not already authenticated or hasn't consented. If this value appears with any other value, an error is returned.
  • login - PixelPin SHOULD prompt the user for reauthentication even if they are already authenticated.
  • consent - PixelPin SHOULD prompt the user for consent even if they have already consented.

Scope

Space delimited, case sensitive list of the below values. Determines what data PixelPin will provide about the user. Must contain openid

  • default - Use the scope value defined in the provider's config (usually "profile email openid")
  • openid (required) - The user's identifier
  • email (required) - The user's email address
  • profile (required) - The user's profile
  • address - The user's address
  • phone - The user's phone number

Response Mode

Enter one of the following values. Determines how PixelPin should handle redirecting back to us after authentication

  • default - Use the default mode for your response type: query for Authorisation Code, form_post for Implicit (spec defaults to fragment, but see "fragment" below for reasoning)
  • query - Redirect back to us with a 302, appending the result in the query string.
  • form_post - POST the result back to us using an HTML form.
  • fragment - Redirect back to us with a 302, appending the result in the URL fragment. This client cannot read fragment responses and will display an error, the user must manually inspect the URI after the IdP has responded instead.