DocCheck Login documentation
K

# Authorization Endpoint

This page describes the Authorization endpoint for external integrations. When using the DocCheck Login button, the login flow is started automatically via this endpoint.

https://auth.doccheck.com/en/authorize?
  grant_type=authorization_code&
  response_type=code&
  client_id=[login_client_id]&
  redirect_uri=[redirect_uri]&
  scope=[scope+scope+scope]&
  state=[optional_data]

The language prefix in this example is en. In general, six languages can be selected via the path: de, en, fr, it, nl, es — for example /de/authorize or /en/authorize.

Make sure that all parameters are set correctly and that redirect_uri is URL-encoded.

# Parameter description

  • grant_type — is always authorization_code.
  • response_type — is always code.
  • client_id — your client_id, as shown in the settings of your Login Client in DocCheck Access.
  • redirect_uri — must exactly match one of the redirect URLs registered in DocCheck Access. Use URL-encoding.
  • scope — optional; space-separated scopes; in the query string encode spaces as + or %20 (e.g. unique_id+profession+country+language).
  • state — optional; recommended for CSRF protection and for passing state information.

# Example

Example request:

https://auth.doccheck.com/en/authorize?grant_type=authorization_code&response_type=code&client_id=2d4aa56f-f8d4-5f7e-a497-5e07b388d6ed&redirect_uri=https%3A%2F%2Fdemo-auth.doccheck.com%2Flogin_check_oauth&scope=unique_id+email+profession+occupation_detail

Note: This example originates from our Demo Auth project. See the Demo Auth documentation: Demo Project.

Make sure that redirect_uri is fully URL-encoded (see example: https%3A%2F%2Fdemo-auth.doccheck.com%2Flogin...).

# Troubleshooting / Test checklist

  • Is the client_id correct and active?
  • Does the registered redirect_uri exactly match the one provided (including protocol and trailing slash)?
  • Is the redirect_uri URL-encoded in the request?
  • Are the required scopes set and allowed for the client?
  • Is state used to support CSRF and redirect validation?
  • Check server and browser logs for errors (e.g. invalid_request, unauthorized_client).
ON THIS PAGE
Parameter description
Example
Troubleshooting / Test checklist