Skip to content

OAuth authorization endpoint redirect proxy

GET
/oauth/authorize
curl --request GET \
--url 'https://example.com/api/oauth/authorize?response_type=code&code_challenge_method=S256'

Redirects to Supabase /auth/v1/oauth/authorize while preserving the original query string. Discovered as authorization_endpoint from /.well-known/oauth-authorization-server so clients keep AppHandoff as the authorization-server issuer and use the AppHandoff token proxy for code exchange and refresh.

client_id
string

OAuth client identifier.

redirect_uri
string format: uri

Client callback URI registered with the OAuth client.

response_type
string
Allowed values: code

OAuth response type.

code_challenge
string

PKCE S256 code challenge.

code_challenge_method
string
Allowed values: S256

PKCE challenge method.

state
string

Opaque client state.

scope
string

Space-separated OAuth scopes.

resource
string format: uri

Optional RFC 8707 resource indicator.

Redirect to Supabase authorization endpoint.

Location
string format: uri

Invalid request

Media type application/json
object
error
required

Human-readable error message

string
code

Stable machine-readable error code for client branching

string
fieldErrors

First validation message per field path

object
key
additional properties
string
issues

Structured validation issues (Zod)

Array<object>
object
path
required
string
message
required
string
retryAfter

Seconds until rate limit resets (429 responses)

number

OAuth server not configured.

Media type application/json
object
error
required

Human-readable error message

string
code

Stable machine-readable error code for client branching

string
fieldErrors

First validation message per field path

object
key
additional properties
string
issues

Structured validation issues (Zod)

Array<object>
object
path
required
string
message
required
string
retryAfter

Seconds until rate limit resets (429 responses)

number