# Obtain Authorization Code

Invoke the authorization request from the SP application to initiate the face authentication flow with UAE PASS.

The user is presented with a UAE PASS confirmation screen in the UAE PASS app, followed by face verification to confirm the request.

On success or failure, control returns to the SP portal callback URL with the appropriate status. On success, the SP web portal receives the "authorization code" at the SP callback URL (which is pre-configured in UAE PASS). Change "redirect\_uri" and "client\_id" as appropriate for your environment, and the other parameters as applicable.

{% hint style="warning" %}
The username parameter can have the value EID, MOBILE or EMAIL.

For residents you can use EID, MOBILE or EMAIL, while for verified visitors you can use MOBILE or EMAIL as the username parameter value.
{% endhint %}

#### <mark style="color:orange;">Request</mark>

{% code overflow="wrap" %}

```
https://stg-id.uaepass.ae/idshub/authorize?response_type=code&client_id=client_id&scope=urn:uae:digitalid:profile:general&state=HnlHOJTkTb66Y5H&redirect_uri=[redirect url]&acr_values=urn:safelayer:tws:policies:authentication:level:low&username=[EID]
```

{% endcode %}

#### <mark style="color:orange;">Request Parameters</mark>

| Name | Type | Usage | Description |
| ---- | ---- | ----- | ----------- |
| response\_type | Query | Required | Must take the value code, which indicates that an authorization code is requested. |
| redirect\_uri | Query | Required | Redirect URI to the application. The application waits to receive at this URI the response with the authorization code. |
| client\_id | Query | Required | Identifier of the client application. (To be shared by the UAE PASS team, specific to the face verification flow.) |
| state | Query | Recommended | We recommend using this parameter to safeguard against CSRF attacks. |
| scope | Query | Required | List of values, separated by spaces, that represent the scope of the authorization that the application wants to obtain. It queries the scopes required for accessing the resources or services in question. (To be shared by the UAE PASS team if its value is other than as specified in the sample above.) |
| acr\_values | Query | Optional | Defines conditions for authenticating the user (minimum levels or specific flows) who must authorize the access.<br>(To be used as specified in the sample, or check with the UAE PASS team for more details.) |
| username | Query | Required | Emirates ID, Mobile or Email of the already logged in user |
| ui\_locales | Query | Optional | Language parameter to be sent in order to render the English or Arabic login pages of UAE PASS. The possible values are:<br>• English pages: en<br>• Arabic pages: ar |

#### <mark style="color:orange;">Response</mark>

Once the face verification request is complete, and the user has granted authorization, the application receives an HTTP GET response. The application receives this response at the redirect URL specified in the authorization request (the redirect\_uri parameter).

{% tabs %}
{% tab title="200" %}
{% code overflow="wrap" %}

```http
GET {redirection_uri_path}?code={code}&state={state} HTTP/1.1
Host: {redirection_uri_host}
```

{% endcode %}
{% endtab %}

{% tab title="Error scenario" %}
{% code overflow="wrap" %}

```
https://stg-ids.uaepass.ae/authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_callback&oauthErrorMsg=callback.not.match&crId=71460d07-55f9-49ac-8489-04541cbe2a09
```

{% endcode %}
{% endtab %}
{% endtabs %}

{% hint style="danger" %}
The application will observe the invalid callback error (callback does not match) when the callback URL used in the authorization request does not match the callback URL configured on the UAE PASS (authorization server) servers.
{% endhint %}

#### <mark style="color:orange;">Response Parameters</mark>

| Name  | Description                                                                                                                                                                                                              |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| code  | Authorization code. Denotes the authorization that the user granted to the application. The application must use this code to obtain the access token in access token API.                                               |
| state | The same value that the application includes in the authorization request will be returned from the authorization server (UAE PASS Server). Application should validate the received value when processing the response. |
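
The following is an added example, not UAE PASS code: one way for the SP back end to generate a fresh `state` per authorization request and validate it on the callback before using `code`. The `session` dictionary, the function names, the `uaepass_state` key and the sample client, callback and username values are assumptions; the endpoint, scope and `acr_values` are the ones from the sample request above.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Staging authorization endpoint taken from the sample request on this page.
AUTHORIZE_URL = "https://stg-id.uaepass.ae/idshub/authorize"


def build_authorization_request(session, client_id, redirect_uri, username):
    """Return the authorize URL and bind a fresh one-time state to the session."""
    # Unpredictable, per-request value; never reuse a fixed string as state.
    state = secrets.token_urlsafe(32)
    session["uaepass_state"] = state  # hypothetical server-side session store
    params = {
        "response_type": "code",
        "client_id": client_id,
        "scope": "urn:uae:digitalid:profile:general",
        "state": state,
        "redirect_uri": redirect_uri,  # must match the URL configured in UAE PASS
        "acr_values": "urn:safelayer:tws:policies:authentication:level:low",
        "username": username,
    }
    # urlencode percent-encodes redirect_uri and the colon-separated URNs.
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Validate state on the redirect and return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    # pop() makes the stored state single-use, so a replayed callback fails.
    expected = session.pop("uaepass_state", None)
    received = query.get("state", [""])[0]
    # Constant-time comparison; reject when no request is pending in the session.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: reject the callback")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("missing or duplicated authorization code")
    return codes[0]
```
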

