Oauth Login

GET

/auth/oauth/{provider_slug}/login

curl --request GET \
  --url https://example.com/auth/oauth/example/login

Redirect user to the IdP authorization URL with PKCE parameters.

Phase 268 H-27: the redirect_uri is handed to the IdP, where an attacker-controlled origin (via X-Forwarded-Host) would otherwise enable auth-code theft. We force explicit-config resolution by passing for_external_use=True; falling back to the request-origin is refused.

Parameters

Path Parameters

provider_slug

required

Provider Slug

string

Responses

307

Successful Response

400

Bad request — invalid query parameters or payload

ProblemDetail

object

detail

required

Detail

string

status

required

Status

integer

title

required

Title

string

type

Type

string

default: about:blank

Example

{
  "type": "about:blank"
}

401

Unauthorized — missing or invalid credentials

ProblemDetail

object

detail

required

Detail

string

status

required

Status

integer

title

required

Title

string

type

Type

string

default: about:blank

Example

{
  "type": "about:blank"
}

403

Forbidden — caller lacks access to this resource

ProblemDetail

object

detail

required

Detail

string

status

required

Status

integer

title

required

Title

string

type

Type

string

default: about:blank

Example

{
  "type": "about:blank"
}

404

Not found

ProblemDetail

object

detail

required

Detail

string

status

required

Status

integer

title

required

Title

string

type

Type

string

default: about:blank

Example

{
  "type": "about:blank"
}

422

Validation error

ProblemDetail

object

detail

required

Detail

string

status

required

Status

integer

title

required

Title

string

type

Type

string

default: about:blank

Example

{
  "type": "about:blank"
}

500

Internal server error

ProblemDetail

object

detail

required

Detail

string

status

required

Status

integer

title

required

Title

string

type

Type

string

default: about:blank

Example

{
  "type": "about:blank"
}