Documentation
Authorize
Begin the Authorization Code flow with PKCE.
GET/api/auth/oauth2/authorize
Purpose
Redirect the end user to Radiant Auth to authenticate and approve the requested scopes. On success, the browser is redirected to your redirect_uri with an authorization code.
Request
| Parameter | Required | Description |
|---|---|---|
client_id | Yes | YOUR_CLIENT_ID |
response_type | Yes | Must be code |
redirect_uri | Yes | Registered redirect URI |
scope | Recommended | Space-delimited: openid profile email offline_access |
state | Recommended | CSRF protection value |
code_challenge | Yes (PKCE) | S256 challenge |
code_challenge_method | Yes | S256 only |
nonce | Recommended | Bound into the ID token |
resource | Optional | JWT audience for your API |
Response
HTTP 302 to the redirect URI with code and state, or with error on failure. Unauthenticated users are first sent to the Radiant Auth login UI.
Example
authorize.http
GET https://auth.rdnt.live/api/auth/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https%3A%2F%2Fyour-app.example%2Fapi%2Fauth%2Fcallback&scope=openid%20profile%20email%20offline_access&state=STATE&code_challenge=CHALLENGE&code_challenge_method=S256