Oauth Login
GET
/auth/oauth/{provider_slug}/login
const url = 'https://example.com/api/auth/oauth/example/login';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/api/auth/oauth/example/loginRedirect user to the IdP authorization URL with PKCE parameters.
Phase 268 H-27: the redirect_uri is handed to the IdP, where an
attacker-controlled origin (via X-Forwarded-Host) would otherwise
enable auth-code theft. We force explicit-config resolution by
passing for_external_use=True; falling back to the request-origin
is refused.
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ” provider_slug
required
Provider Slug
string
Responses
Section titled “ Responses ”Successful Response
Bad request — invalid query parameters or payload
ProblemDetail
object
type
Type
string
title
required
Title
string
status
required
Status
integer
detail
required
Detail
string
Example
{ "type": "about:blank"}Unauthorized — missing or invalid credentials
ProblemDetail
object
type
Type
string
title
required
Title
string
status
required
Status
integer
detail
required
Detail
string
Example
{ "type": "about:blank"}Forbidden — caller lacks access to this resource
ProblemDetail
object
type
Type
string
title
required
Title
string
status
required
Status
integer
detail
required
Detail
string
Example
{ "type": "about:blank"}Not found
ProblemDetail
object
type
Type
string
title
required
Title
string
status
required
Status
integer
detail
required
Detail
string
Example
{ "type": "about:blank"}Validation error
ProblemDetail
object
type
Type
string
title
required
Title
string
status
required
Status
integer
detail
required
Detail
string
Example
{ "type": "about:blank"}Internal server error
ProblemDetail
object
type
Type
string
title
required
Title
string
status
required
Status
integer
detail
required
Detail
string
Example
{ "type": "about:blank"}