Request Service Account Authorization
Required plan: Growth
Description #
In order to gain access to the calendars of a domain with an Enterprise Connect account it must be authorized by an administrator of that domain.
Example Request #
https://app.cronofy.com/enterprise_connect/oauth/authorize
?response_type=code
&client_id={CLIENT_ID}
&redirect_uri={REDIRECT_URI}
&scope={SCOPE}
&delegated_scope={DELEGATED_SCOPE}
&state={STATE}
Note that the URL for this method differs from that used when authorizing an individual calendar account.
data_center_app_url required
The URL for the data center you want to communicate with. Possible choices are:
- app-au.cronofy.com - 🇦🇺 Australia
- app-ca.cronofy.com - 🇨🇦 Canada
- app-de.cronofy.com - 🇩🇪 Germany
- app-sg.cronofy.com - 🇸🇬 Singapore
- app-uk.cronofy.com - 🇬🇧 United Kingdom
- app.cronofy.com - 🇺🇸 United States
Find out more about Cronofy's data centers.
response_type required #
Must always be code as that is the only grant type supported by Cronofy.
client_id required #
The client_id issued to you by Cronofy to authenticate your OAuth Client. Authenticates you as a trusted client.
redirect_uri required #
The HTTP or HTTPS URI you wish the user’s authorization request decision to be redirected to.
scope required #
The scope of the privileges you want the Enterprise Connect account to be granted. At least one of the following scopes must be requested:
- service_account/accounts/manage to allow authorization of accounts
- service_account/accounts/unrestricted_access to allow elevation of access for accounts
- service_account/resources/manage to allow authorization of resources
- service_account/resources/unrestricted_access to allow elevation of access for resources
Multiple scopes can be granted if separated with a space:
&scope=service_account/accounts/unrestricted_access service_account/resources/manage
delegated_scope required #
The scope of the privileges that can be granted when requesting access to users and resources. Examples include:
- read_only
- write_only
- read_write
- free_busy
- free_busy_write
See the full scope list and documentation for more information.
state optional #
A value that will be returned to you unaltered along with the user’s authorization request decision.
The OAuth 2.0 RFC recommends using this to prevent cross-site request forgery.
code_challenge optional #
A parameter used to protect against an authorization code intercept attack defined in RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients.
Providing this value will mean that a corresponding code_verifier parameter must be provided when redeeming an authorization code for an access_token.
code_challenge_method optional #
Describes the method used to verify the code_verifier parameter that will be sent when the access_token is requested. Two values are supported.
- S256
- plain
If not passed then plain is the default used if a code_challenge parameter is provided.
Response URL parameters #
You will not receive a direct response to your authorization request. Instead, the administrator will be redirected to the redirect_uri with additional querystring parameters.
The responses are fully specified in section 4.1.2 of RFC 6749.
Successful response #
code #
A short-lived, single-use code to be used to make an Access Token Request.
Will always be a 32-character String of ASCII characters.
state #
The value you passed for the state within the authorization request.
Error response #
error #
A single ASCII error code. The complete list is within section 4.1.2.1 of RFC 6749; these are the most commonly encountered:
- access_denied the administrator declined your request
- unsupported_response_type your request’s response_type was not code
- invalid_scope no valid scopes were specified in your request’s scope
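An added example, not part of Cronofy's documentation: it builds the authorization URL with a random state and an S256 code_challenge (with plain, the challenge sent in the request is the code_verifier itself), then checks the redirect before the code is redeemed. The function names are hypothetical, and it assumes the caller stores state and code_verifier in the administrator's server-side session.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_PATH = "/enterprise_connect/oauth/authorize"


def s256_challenge(code_verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), unpadded (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(client_id, redirect_uri, scopes, delegated_scope,
                        data_center_app_url="app.cronofy.com"):
    """Return (url, state, code_verifier); keep the last two server-side."""
    state = secrets.token_urlsafe(32)           # unguessable CSRF token
    code_verifier = secrets.token_urlsafe(64)   # 86 chars, RFC 7636 allows 43-128
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),              # multiple scopes are space-separated
        "delegated_scope": delegated_scope,
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",        # if omitted, plain is the default
    })
    return f"https://{data_center_app_url}{AUTHORIZE_PATH}?{query}", state, code_verifier


def handle_callback(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Check state first: a response we did not initiate is discarded unread.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:                       # e.g. access_denied, invalid_scope
        raise ValueError(f"authorization failed: {params['error'][0]}")
    code = params.get("code", [""])[0]
    if len(code) != 32 or not code.isascii():   # documented: 32 ASCII characters
        raise ValueError("unexpected code format")
    return code
```

The code_verifier returned by build_authorize_url is the value to send as the code_verifier parameter when the code is redeemed for an access_token.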