> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Database/AD/LDAP (Passive)

> Initiate browser-based passive authentication using a database, AD, or LDAP connection.

## Endpoint

`GET /authorize`

Use the Auth0 user store or your own database to store and manage username and password credentials. If you have your own user database, you can use it as an identity provider in Auth0 to authenticate users. When you make a `GET` call to the `/authorize` endpoint for browser-based (passive) authentication, it returns a `302` redirect to the [Auth0 Login Page](http://manage.auth0.com/login) that will show the Login Widget where the user can log in with email and password.

<Note>
  Passive authentication occurs through the browser and is initiated from the [Auth0 Login Page](http://manage.auth0.com/login), where the user enters their credentials. It does not require any custom code or backend processing like Active Authentication.
</Note>

### Remarks

* If `response_type=token`, after the user authenticates, it will redirect to your application `callback URL` passing the Access Token and ID Token in the address `location.hash`. This is used for Single-Page Apps and also on Native Mobile SDKs.
* The main difference between passive and active authentication is that the former happens in the browser through the [Auth0 Login Page](http://manage.auth0.com/login) and the latter can be invoked from anywhere (a script, server to server, and so forth).
* The sample auth0.js script uses the library version 8. If you are using auth0.js version 7, please see this [reference guide](https://auth0.com/docs/libraries/auth0js/v7).

### Learn More

* [Database Identity Providers](https://auth0.com/docs/authenticate/database-connections)
* [Rate Limits on User/Password Authentication](https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy)
* [Active Directory/LDAP Connector](https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector)
* [State Parameter](https://auth0.com/docs/secure/attack-protection/state-parameters)
* [Auth0.js /authorize Method Reference](https://auth0.com/docs/libraries/auth0js#webauth-authorize)

## Query Parameters

<ParamField query="response_type" type="string" required>
  Specifies the token type. Use `code` for server side flows and `token` for application side flows.

  Allowed values: `code`, `token`
</ParamField>

<ParamField query="client_id" type="string" required>
  The `client_id` of your application.
</ParamField>

<ParamField query="connection" type="string">
  The name of the connection configured to your application. If null, it will redirect to the [Auth0 Login Page](http://manage.auth0.com/login) and show the Login Widget using the first database connection.
</ParamField>

<ParamField query="redirect_uri" type="string" required>
  The URL to which Auth0 will redirect the browser after authorization has been granted by the user. Specify the `redirect_uri` under your [Application's Settings](https://manage.auth0.com/dashboard/#/applications).
</ParamField>

<ParamField query="scope" type="string">
  OIDC scopes and custom API scopes. For example: `openid read:timesheets`. Include `offline_access` to get a Refresh Token.
</ParamField>

<ParamField query="state" type="string">
  An opaque value the application adds to the initial request that the authorization server includes when redirecting back to the application. This value must be used by the application to prevent CSRF attacks.
</ParamField>

## Response Messages

| Status | Description                      |
| ------ | -------------------------------- |
| 302    | Redirect to the login page       |
| 400    | Bad Request - Invalid parameters |
| 500    | Internal Server Error            |