Authorization Endpoint (GET)
Initiate OAuth 2.0 Authorization Code flow.
Endpoint
GET /oauth/authorize
Headers
| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer <access_token> (user must be authenticated) |
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| response_type | string | Yes | Must be "code" |
| client_id | string | Yes | OAuth application client ID |
| redirect_uri | string | Yes | Where to redirect after authorization |
| scope | string | No | Space-separated list of requested scopes |
| state | string | No | CSRF protection state parameter |
| code_challenge | string | No | PKCE code challenge |
| code_challenge_method | string | No | PKCE method: "S256" or "plain" |
Response
Success (302 Redirect)
Redirects to redirect_uri with authorization code:
https://myapp.com/callback?code=AUTHORIZATION_CODE&state=STATE_VALUE
Error (400)
{
  "error": "invalid_request",
  "error_description": "response_type must be 'code'"
}
Features
- Initiates OAuth 2.0 Authorization Code flow
- User must be authenticated
- Supports PKCE for enhanced security
- Validates redirect_uri against registered URIs
- Auto-approves if user is authenticated (consent screen can be added)
Example
curl -X GET "https://api.rivergen.com/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=https%3A%2F%2Fmyapp.com%2Fcallback&scope=read%20write&state=random_state" \
-H "Authorization: Bearer <access_token>"
Related Endpoints
- Token Endpoint - Exchange code for token
- Authorization (POST) - Consent approval