Complete OAuth Flow
Completes the OAuth authorisation flow after user consent, generating an authorisation code and returning the redirect URL.
Required scopes: private
Authorization
BearerAuth: JWT access token for internal API access. Requires 'private' scope for most endpoints, 'admin' scope for administrative operations.
In: header
Header Parameters
Define the version of the Connect protocol
1
Define the timeout, in ms
Request Body
application/json
Indicates if the user accepts the OAuth flow
"ACCEPT_TYPE_DENY" | "ACCEPT_TYPE_ALLOW" | "ACCEPT_TYPE_ALLOW_WITH_EXISTING_GRANT"
Type of response expected from the OAuth flow
Code challenge for PKCE
"CODE_CHALLENGE_METHOD_UNSPECIFIED" | "CODE_CHALLENGE_METHOD_PLAIN" | "CODE_CHALLENGE_METHOD_S256"
State parameter to maintain state between request and callback
URI to redirect to after completing the OAuth flow
uri
1 <= length <= 1024
Scopes requested during the OAuth flow
1 <= items
Indicates if the authorization should be long-lived
uuid
If set, the request will only succeed if we can skip the OAuth flow.
1 <= length <= 1024
RFC 8707: Resource indicator to restrict token audience
uri
OIDC: Maximum authentication age in seconds. Forces re-auth if auth_time is older.
int32
OIDC: Requested Authentication Context Class Reference values (space-separated)
Response Body
application/json
application/json
curl -X POST "https://auth.xeonr.io/xeonr.auth.private.v1.OAuthService/CompleteOAuthFlow" \
  -H "Connect-Protocol-Version: 1" \
  -H "Content-Type: application/json" \
  -d '{}'

{
  "url": "https://myapp.example.com/oauth/callback?code=abc123&state=xyz123state"
}

{
  "code": "not_found",
  "message": "string",
  "details": [
    {
      "type": "string",
      "value": "string",
      "debug": {}
    }
  ]
}

Complete OAuth Code POST
Completes the device code flow by approving or denying the authorisation request. **Required scopes:** `private`
Get Public Client POST
Retrieves public details of an OAuth client for displaying on the consent screen, including requested scopes and user permissions. **Required scopes:** `private`
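For the Complete OAuth Flow endpoint above, the following added example (not code from this API or its maintainers) shows the OAuth client's side of the PKCE and state fields: deriving an S256 code challenge per RFC 7636 and validating the redirect `url` before the `code` is used. The function names and dictionary keys are hypothetical; only the enum value and the sample URL come from this page.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Enum value taken from the request-body field list on this page.
CHALLENGE_METHOD = "CODE_CHALLENGE_METHOD_S256"


def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA-256(verifier)) with '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_authorization_attempt() -> dict:
    """Fresh per-attempt secrets; keep verifier and state in the client session."""
    verifier = secrets.token_urlsafe(32)  # 43 characters, the RFC 7636 minimum
    return {  # key names are hypothetical, not the API's field names
        "verifier": verifier,
        "challenge": s256_challenge(verifier),
        "method": CHALLENGE_METHOD,
        "state": secrets.token_urlsafe(16),
    }


def code_from_callback(url: str, redirect_uri: str, expected_state: str) -> str:
    """Return the authorisation code, or raise ValueError if the callback is suspect."""
    got, want = urlsplit(url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback is not on the expected redirect URI")
    params = parse_qs(got.query)
    codes, states = params.get("code", []), params.get("state", [])
    if len(codes) != 1 or len(states) != 1:
        raise ValueError("code and state must each appear exactly once")
    # Constant-time comparison; a mismatch means the response is not ours (CSRF).
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample: the response URL shown on this page.
    sample = "https://myapp.example.com/oauth/callback?code=abc123&state=xyz123state"
    print(code_from_callback(sample, "https://myapp.example.com/oauth/callback", "xyz123state"))
```

The verifier never leaves the client until the token exchange; only the challenge and its method are sent with the authorisation request.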