# Initiate OAuth authorization

OAuth 2.1 authorization endpoint. The client opens the browser at this URL; valid requests are redirected to the frontend consent page where the user approves access.

Endpoint: GET /public/v1/oauth/authorize/
Version: 1.0.0

## Query parameters:

  - `client_id` (string, required)
    The client_id returned during client registration.

  - `redirect_uri` (string, required)
    The URI to redirect to after authorization. Must match one of the registered redirect URIs.

  - `response_type` (string, required)
    Must be code.

  - `code_challenge` (string, required)
    PKCE code challenge. Base64url-encoded SHA-256 hash of the code verifier.

  - `code_challenge_method` (string)
    PKCE method. Only S256 is supported. Defaults to S256 if omitted.

  - `scope` (string)
    Space-separated list of requested scopes. Available value: all. Defaults to the full set of scopes granted during registration if omitted.

  - `state` (string)
    Opaque value to maintain state between the request and the callback. Returned unchanged in the redirect.

  - `resource` (string)
    RFC 8707 resource indicator — the canonical URI of the API this token will be used against. Forwarded through consent and bound to the issued token.


## Response 400 fields

## Response 422 fields