Authorization Consent (POST)
Handle user consent approval/rejection for OAuth authorization.
Endpoint
POST /oauth/authorize
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <access_token> |
Content-Type | Yes | application/x-www-form-urlencoded |
Form Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
client_id | string | Yes | OAuth application client ID |
redirect_uri | string | Yes | Where to redirect after authorization |
scope | string | No | Space-separated list of requested scopes |
state | string | No | CSRF protection state parameter |
approve | boolean | Yes | User approval decision (true or false) |
Response
Success - Approved (302 Redirect)
Redirects to redirect_uri with authorization code:
https://myapp.com/callback?code=AUTHORIZATION_CODE&state=STATE_VALUE
Success - Rejected (302 Redirect)
Redirects to redirect_uri with error:
https://myapp.com/callback?error=access_denied&state=STATE_VALUE
Features
- Handles user consent approval/rejection
- Generates authorization code on approval
- Redirects with error on rejection
- Validates all parameters
Example
curl -X POST "https://api.rivergen.com/oauth/authorize" \
-H "Authorization: Bearer <access_token>" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=CLIENT_ID&redirect_uri=https://myapp.com/callback&scope=read write&state=random_state&approve=true"
Related Endpoints
- Token Endpoint - Exchange code for token
- Authorization (GET) - Initiate flow