Autional API Reference

POST /oauth/authorize

OAuth 2.0 authorization endpoint (POST method). After the user confirms authorization, it returns a 302 redirect when redirect_uri is provided; otherwise it returns the authorization code as JSON. Supports PKCE, PAR, and automatic consent saving. References: RFC 6749 §4.1.1-4.1.2.1 (Authorization Code Grant), RFC 7636 (PKCE), RFC 9126 (PAR).

OAuth None application/json

Request Body

Accepts an empty JSON object {}

Responses

| Status | Description | Schema |
|---|---|---|
| 200 | Authorization code (when no redirect_uri) | handler.authorizeCodeResponse |
| 302 | Redirect to callback URL with OAuth error (invalid_request/invalid_client/access_denied) | string |
| 400 | invalid_request_uri: PAR request invalid/expired/already used. Reference: RFC 9126. | dto.OAuthErrorResponse |
| 403 | access_denied: user_id does not match authenticated user | dto.OAuthErrorResponse |
| 500 | server_error: authorization server internal error. Reference: RFC 6749 §5.2. | dto.OAuthErrorResponse |

Referenced Schemas

dto.OAuthErrorResponse

OAuth standard error response

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| error | string | No | invalid_request | | Error code |
| error_description | string | No | Missing required parameter | | Error description |
| error_uri | string | No | https://docs.example.com/errors | | Error URI |
| state | string | No | state-123 | | Status |

handler.authorizeCodeResponse

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | string | No | | | |
| state | string | No | | | |
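
Client-side handling of the responses documented above, as an added example that is not part of the Autional documentation or code base: a Go helper that reads either the JSON body or the 302 callback URL and releases the authorization code only when the echoed state matches the value the client sent. `ParseAuthorize`, `authorizeReply`, the sample values, and the choice to always require a non-empty state are assumptions of this example.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// authorizeReply merges the fields of handler.authorizeCodeResponse and
// dto.OAuthErrorResponse from the schemas above (hypothetical client type).
type authorizeReply struct {
	Code             string `json:"code"`
	State            string `json:"state"`
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

// ParseAuthorize interprets one POST /oauth/authorize response and returns the
// authorization code only when the echoed state matches what the client sent.
func ParseAuthorize(status int, location string, body []byte, wantState string) (string, error) {
	var r authorizeReply
	if status == http.StatusFound { // 302: result is in the callback URL query
		u, err := url.Parse(location)
		if err != nil {
			return "", fmt.Errorf("bad Location header: %w", err)
		}
		q := u.Query()
		r = authorizeReply{q.Get("code"), q.Get("state"), q.Get("error"), q.Get("error_description")}
	} else if err := json.Unmarshal(body, &r); err != nil { // 200/400/403/500: JSON body
		return "", fmt.Errorf("status %d: malformed JSON body: %w", status, err)
	}
	if r.Error != "" {
		return "", fmt.Errorf("oauth error %q: %s", r.Error, r.ErrorDescription)
	}
	if (status != http.StatusOK && status != http.StatusFound) || r.Code == "" {
		return "", fmt.Errorf("status %d: no authorization code", status)
	}
	// Assumption: this client always sends state, so an empty or differing value is rejected.
	if wantState == "" || subtle.ConstantTimeCompare([]byte(r.State), []byte(wantState)) != 1 {
		return "", fmt.Errorf("state mismatch: discarding code")
	}
	return r.Code, nil
}

func main() { // constructed sample: the 200 JSON form returned when no redirect_uri is given
	fmt.Println(ParseAuthorize(200, "", []byte(`{"code":"c-1","state":"s-1"}`), "s-1"))
}
```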