OAuth Authorise Consent
Read a pending OAuth authorisation code request for a signed-in user before they approve or deny consent in the frontend. This is a Storyden frontend/API integration endpoint, not an OAuth protocol endpoint. It returns the client, redirect URI, requested scopes, and currently grantable scopes so the frontend can render a consent screen.
`/oauth/authorize/consent`
Authorization
browser In: cookie
Query Parameters
OAuth authorisation request identifier.
Response Body
application/json
application/json
application/json
```
curl -X GET "https://loading/api/oauth/authorize/consent"
```

```
{
  "request_id": "string",
  "client_id": "string",
  "client_name": "string",
  "redirect_uri": "http://example.com",
  "expires_at": "2019-08-24T14:15:22Z",
  "requested_scopes": [
    "string"
  ],
  "granted_scopes": [
    "string"
  ],
  "inherits_user_permissions": true
}
```

```
{
  "error": "string",
  "error_description": "string"
}
```

```
{
  "error": "string",
  "message": "string",
  "suggested": "string",
  "metadata": {}
}
```

OAuth Authorise GET
Start the browser-based OAuth 2.0 Authorization Code flow with PKCE. This endpoint requires a browser session. If the account is not signed in, Storyden redirects to the frontend login route instead of returning a protocol redirect to the client application. Unlike many OAuth servers, Storyden does not render a consent page from this API endpoint. A valid request creates a short-lived pending authorisation request and redirects the browser to the configured frontend authorisation-code consent URL. Custom frontends can change this URL with `OAUTH_AUTHORISATION_CODE_CONSENT_URL`. The `scope` parameter follows OAuth 2.0 and is optional. Empty or omitted scope means no requested scopes. Storyden permission scopes are granted only when allowed by the client and by the signed-in account's current permissions.
OAuth Authorise Consent Submit POST
Approve or deny a pending OAuth authorisation code request for the currently signed-in account. On approval this creates a short-lived authorisation code and returns the client redirect URI containing `code` and optional `state`. On denial the returned redirect URI contains `error=access_denied`. Storyden recomputes the granted scope at approval time from current account permissions and client policy.
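An added example, not Storyden's own code: one way a custom frontend could turn the consent read response into a consent-screen view model. `buildConsentView`, its return shape and the sample scope names are assumptions; the result is for display only, because the granted scope is recomputed at approval time.

```javascript
// Hypothetical helper for a custom consent frontend (not part of Storyden).
// Input: the JSON body returned by the consent read endpoint.
function buildConsentView(consent, now = new Date()) {
  const expiresAt = new Date(consent.expires_at);
  if (Number.isNaN(expiresAt.getTime())) {
    return { ok: false, reason: "invalid_expiry" };
  }
  // Pending requests are short-lived: never offer Approve after expiry.
  if (expiresAt <= now) {
    return { ok: false, reason: "expired" };
  }

  // Show the user where the code will be sent; refuse unparseable URIs.
  let redirect;
  try {
    redirect = new URL(consent.redirect_uri);
  } catch {
    return { ok: false, reason: "invalid_redirect_uri" };
  }

  const requested = [...new Set(consent.requested_scopes ?? [])];
  const grantable = new Set(consent.granted_scopes ?? []);

  return {
    ok: true,
    requestId: consent.request_id,
    clientId: consent.client_id,
    clientName: consent.client_name,
    redirectOrigin: redirect.origin,
    // Requested scopes that are currently grantable.
    willGrant: requested.filter((s) => grantable.has(s)),
    // Requested scopes that are not currently grantable; show them as withheld.
    notGranted: requested.filter((s) => !grantable.has(s)),
    inheritsUserPermissions: consent.inherits_user_permissions === true,
    secondsLeft: Math.floor((expiresAt - now) / 1000),
  };
}

// Constructed sample response; the scope names are made up for illustration.
const sample = {
  request_id: "req_example",
  client_id: "client_example",
  client_name: "Example App",
  redirect_uri: "https://app.example.com/callback",
  expires_at: "2030-01-01T00:05:00Z",
  requested_scopes: ["EXAMPLE_READ", "EXAMPLE_ADMIN"],
  granted_scopes: ["EXAMPLE_READ"],
  inherits_user_permissions: false,
};
```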