OAuth authorization endpoint redirect proxy
const url = 'https://example.com/api/oauth/authorize?response_type=code&code_challenge_method=S256';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url 'https://example.com/api/oauth/authorize?response_type=code&code_challenge_method=S256'Redirects to Supabase /auth/v1/oauth/authorize while preserving the
original query string. Discovered as authorization_endpoint from
/.well-known/oauth-authorization-server so clients keep AppHandoff as
the authorization-server issuer and use the AppHandoff token proxy for
code exchange and refresh.
Parameters
Section titled “ Parameters ”Query Parameters
Section titled “Query Parameters ”OAuth client identifier.
Client callback URI registered with the OAuth client.
OAuth response type.
PKCE S256 code challenge.
PKCE challenge method.
Opaque client state.
Space-separated OAuth scopes.
Optional RFC 8707 resource indicator.
Responses
Section titled “ Responses ”Redirect to Supabase authorization endpoint.
Headers
Section titled “Headers ”Invalid request
object
Human-readable error message
Stable machine-readable error code for client branching
First validation message per field path
object
Structured validation issues (Zod)
object
Seconds until rate limit resets (429 responses)
OAuth server not configured.
object
Human-readable error message
Stable machine-readable error code for client branching
First validation message per field path
object
Structured validation issues (Zod)
object
Seconds until rate limit resets (429 responses)