Authorization Request

Authorization Request uses extension parameters and scopes defined by OpenID Connect to request that the End-User be authenticated by the Authorization Server, which is an OpenID Connect Provider, to the Client, which is an OpenID Connect Relying Party.

At this point, the authorization server validates the redirect URL to ensure the URL in the request matches one of the URLs for the application, that MobilePay has registered. The request will also have a client_id parameter, so the service should look up the redirect URLs based on that.