OAuth 2.1 authorization endpoint
POST/api/auth/oauth2/authorize
Redirects the user to /sign-in (if not authenticated) or /consent (if first visit), then redirects back to the client redirect_uri with ?code=&state=. PKCE required.
Request
Responses
- 302
- 400
- 401
Redirect to login, consent, or client redirect_uri.
invalid_request / invalid_redirect_uri / unsupported_response_type
invalid_client (unknown client_id)