GET /oauth/authorize
OAuth 2.0 authorization endpoint. Returns a 302 redirect when redirect_uri is provided; otherwise returns the authorization code as JSON. Supports PKCE and PAR (via request_uri). References: RFC 6749 §4.1.1-4.1.2.1 (Authorization Code Grant), RFC 7636 (PKCE), RFC 9126 (PAR), OAuth 2.1 optional iss parameter.
OAuth None application/json
Request Parameters
| Name | In | Type | Required | Default | Example | Constraints | Description |
| response_type | query | string | Yes | | | | Response type (only code supported) |
| client_id | query | string | Yes | | | | Client ID |
| redirect_uri | query | string | No | | | | Redirect URI |
| scope | query | string | No | | | | Requested scope |
| state | query | string | No | | | | Anti-CSRF state parameter |
| iss | query | string | No | | | | Issuer URL (OAuth 2.1) |
| nonce | query | string | No | | | | OIDC nonce parameter |
| code_challenge | query | string | No | | | | PKCE Code Challenge (RFC 7636) |
| code_challenge_method | query | string | No | | | | PKCE method (S256) |
| authorization_details | query | string | No | | | | Authorization Details (RFC 9396) |
| request_uri | query | string | No | | | | PAR Request URI (RFC 9126) |
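A client-side sketch of a request to this endpoint, added here as an example and not taken from the project's code: it derives the PKCE S256 `code_challenge`, builds the query string, and checks `state` on the callback before the code is used. The host names, `client-1` and all function names are assumptions; the callback carrying `code`, `state` or `error` as query parameters follows RFC 6749 §4.1.2.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// NewVerifier returns a 43-character code_verifier built from 32 random bytes.
func NewVerifier() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy available: fail closed
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// S256Challenge is BASE64URL(SHA256(code_verifier)) without padding (RFC 7636).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// BuildAuthorizeURL assembles the GET /oauth/authorize request with PKCE and state.
func BuildAuthorizeURL(base, clientID, redirectURI, state, verifier string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {redirectURI}, "state": {state}}
	q.Set("code_challenge", S256Challenge(verifier))
	q.Set("code_challenge_method", "S256")
	return base + "/oauth/authorize?" + q.Encode()
}

// CheckCallback returns the code only if state matches and no error was sent.
func CheckCallback(cb url.Values, wantState string) (string, error) {
	if subtle.ConstantTimeCompare([]byte(cb.Get("state")), []byte(wantState)) != 1 {
		return "", fmt.Errorf("state mismatch")
	}
	code := cb.Get("code")
	if e := cb.Get("error"); e != "" || code == "" {
		return "", fmt.Errorf("no code issued (error=%q)", e)
	}
	return code, nil
}

func main() { // constructed sample values; example code, not the project's
	fmt.Println(BuildAuthorizeURL("https://as.example.test", "client-1", "https://app.example.test/cb", "st-1", NewVerifier()))
}
```

The client keeps the verifier and the state bound to the user's session between the request and the callback, and sends the verifier only when it redeems the code.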
Responses
| Status | Description | Schema |
| 200 | Authorization code (when no redirect_uri) | handler.authorizeCodeResponse |
| 302 | Redirect to callback URL with OAuth error (invalid_request/invalid_client/unsupported_response_type) | string |
| 400 | invalid_request_uri: PAR request invalid/expired/already used. Reference: RFC 9126. | dto.OAuthErrorResponse |
| 500 | server_error: authorization server internal error. Reference: RFC 6749 §5.2. | dto.OAuthErrorResponse |
Referenced Schemas
dto.OAuthErrorResponse
OAuth standard error response
| Field | Type | Required | Example | Constraints | Description |
| error | string | No | invalid_request | | Error code |
| error_description | string | No | Missing required parameter | | Error description |
| error_uri | string | No | https://docs.example.com/errors | | Error URI |
| state | string | No | state-123 | | Status |
handler.authorizeCodeResponse
| Field | Type | Required | Example | Constraints | Description |
| code | string | No | | | |
| state | string | No | | | |