Autional

GET /oauth/authorize

OAuth 2.0 authorization endpoint. Returns 302 redirect when redirect_uri is provided; returns JSON authorization code otherwise. Supports PKCE and PAR (via request_uri). References: RFC 6749 §4.1.1-4.1.2.1 (Authorization Code Grant), RFC 7636 (PKCE), RFC 9126 (PAR), OAuth 2.1 optional iss parameter.

OAuth None application/json

Request Parameters

| Name | In | Type | Required | Default | Example | Constraints | Description |
|---|---|---|---|---|---|---|---|
| response_type | query | string | Yes | | | | Response type (only code supported) |
| client_id | query | string | Yes | | | | Client ID |
| redirect_uri | query | string | No | | | | Redirect URI |
| scope | query | string | No | | | | Requested scope |
| state | query | string | No | | | | Anti-CSRF state parameter |
| iss | query | string | No | | | | Issuer URL (OAuth 2.1) |
| nonce | query | string | No | | | | OIDC nonce parameter |
| code_challenge | query | string | No | | | | PKCE Code Challenge (RFC 7636) |
| code_challenge_method | query | string | No | | | | PKCE method (S256) |
| authorization_details | query | string | No | | | | Authorization Details (RFC 9396) |
| request_uri | query | string | No | | | | PAR Request URI (RFC 9126) |

Responses

| Status | Description | Schema |
|---|---|---|
| 200 | Authorization code (when no redirect_uri) | handler.authorizeCodeResponse |
| 302 | Redirect to callback URL with OAuth error (invalid_request/invalid_client/unsupported_response_type) | string |
| 400 | invalid_request_uri: PAR request invalid/expired/already used. Reference: RFC 9126. | dto.OAuthErrorResponse |
| 500 | server_error: authorization server internal error. Reference: RFC 6749 §5.2. | dto.OAuthErrorResponse |

Referenced Schemas

dto.OAuthErrorResponse

OAuth standard error response

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| error | string | No | invalid_request | | Error code |
| error_description | string | No | Missing required parameter | | Error description |
| error_uri | string | No | https://docs.example.com/errors | | Error URI |
| state | string | No | state-123 | | Status |

handler.authorizeCodeResponse

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | string | No | | | |
| state | string | No | | | |
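
Client-side use of this endpoint, as an added example that is not part of the Autional documentation or code base: it builds a request with `state` and a PKCE S256 challenge, then validates the 200 JSON body returned when no `redirect_uri` is sent. The host `auth.example.test`, the client ID and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

# Assumed base URL; the page does not give the server's host.
AUTHORIZE_URL = "https://auth.example.test/oauth/authorize"

def pkce_challenge(verifier: str) -> str:
    """S256: BASE64URL(SHA256(ASCII(verifier))), no padding (RFC 7636 section 4.2)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_request(client_id, scope, redirect_uri=None):
    """Return (url, verifier, state). verifier and state never leave the client."""
    verifier = secrets.token_urlsafe(32)  # 43 chars, inside RFC 7636's 43-128 range
    state = secrets.token_urlsafe(16)     # unguessable, bound to this one request
    params = {
        "response_type": "code",          # the only value the endpoint supports
        "client_id": client_id,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    if redirect_uri:                      # omitted: server answers 200 with JSON
        params["redirect_uri"] = redirect_uri
    return AUTHORIZE_URL + "?" + urlencode(params), verifier, state

def read_authorize_response(body: str, expected_state: str) -> str:
    """Validate a JSON body shaped like handler.authorizeCodeResponse; return code."""
    data = json.loads(body)
    if "error" in data:                   # dto.OAuthErrorResponse shape
        raise ValueError(f"{data['error']}: {data.get('error_description', '')}")
    returned = data.get("state") or ""
    # Constant-time comparison; reject any response not tied to our request.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if not data.get("code"):
        raise ValueError("response has no authorization code")
    return data["code"]
```

The `verifier` returned by `build_authorize_request` is kept until the token request, where it is sent as `code_verifier` per RFC 7636.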