Documentation

Authorize

Begin the Authorization Code flow with PKCE.

GET/api/auth/oauth2/authorize

Purpose

Redirect the end user to Radiant Auth to authenticate and approve the requested scopes. On success, the browser is redirected to your redirect_uri with an authorization code.

Request

ParameterRequiredDescription
client_idYesYOUR_CLIENT_ID
response_typeYesMust be code
redirect_uriYesRegistered redirect URI
scopeRecommendedSpace-delimited: openid profile email offline_access
stateRecommendedCSRF protection value
code_challengeYes (PKCE)S256 challenge
code_challenge_methodYesS256 only
nonceRecommendedBound into the ID token
resourceOptionalJWT audience for your API

Response

HTTP 302 to the redirect URI with code and state, or with error on failure. Unauthenticated users are first sent to the Radiant Auth login UI.

Example

authorize.http
GET https://auth.rdnt.live/api/auth/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https%3A%2F%2Fyour-app.example%2Fapi%2Fauth%2Fcallback&scope=openid%20profile%20email%20offline_access&state=STATE&code_challenge=CHALLENGE&code_challenge_method=S256