naftiko: 1.0.0-alpha2 info: label: Clerk Frontend Api — OAuth2 Identity Provider description: 'Clerk OAuth2 Identity Provider capability. 10 operations. Lead operation: Request OAuth2 Authorization.' tags: - Clerk - OAuth2 Identity Provider created: '2026-05-22' modified: '2026-05-22' binds: - namespace: env keys: CLERK_PUBLISHABLE_KEY: CLERK_PUBLISHABLE_KEY capability: consumes: - type: http namespace: clerk-frontend-api-oauth2-identity-provider baseUri: '' description: Clerk clerk-frontend-api OAuth2 Identity Provider business capability. resources: - name: oauth-authorize path: /oauth/authorize operations: - name: requestOAuthAuthorize method: GET description: Request OAuth2 Authorization outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: response_type in: query type: string description: The authorization flow type. Must be `code` for authorization code flow. required: true - name: client_id in: query type: string description: The OAuth2 client ID of the OAuth application. required: true - name: redirect_uri in: query type: string description: The URI to redirect to after authorization. Must be registered for the OAuth application. required: false - name: scope in: query type: array description: Space-separated list of scopes being requested. Available scopes are `email`, `profile`, `openid`, `public_metadata`, and `private_metadata`. Defaults to `profile email` if not provided. required: false - name: state in: query type: string description: An opaque value used to maintain state between the request and callback (minimum 8 characters). Required to prevent CSRF attacks unless PKCE parameters (`code_challenge` and `code_challenge_method`) a required: false - name: prompt in: query type: array description: Space-separated list of prompts. Supported values are `none` (no user interaction), `login` (force re-authentication), and `consent` (force consent screen). required: false - name: code_challenge in: query type: string description: The code challenge for PKCE (Proof Key for Code Exchange). Required for public clients. required: false - name: code_challenge_method in: query type: string description: The method used to generate the code challenge. Must be `S256`. required: false - name: response_mode in: query type: string description: The method used to return authorization response parameters. Supported values are `query` (parameters in URL query string) and `form_post` (parameters in POST body). required: false - name: nonce in: query type: string description: String value used to associate a client session with an ID Token and to mitigate replay attacks. Used in OpenID Connect flows. required: false - name: requestOAuthAuthorizePOST method: POST description: Request OAuth2 Authorization outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: oauth-register path: /oauth/register operations: - name: registerOAuthClient method: POST description: Register OAuth 2.0 Client outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: oauth-token path: /oauth/token operations: - name: getOAuthToken method: POST description: Get OAuth2 Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: oauth-userinfo path: /oauth/userinfo operations: - name: getOAuthUserInfo method: GET description: Get User Info After OAuth2 Flow outputRawFormat: json outputParameters: - name: result type: object value: $. - name: getOAuthUserInfoPOST method: POST description: Get User Info After OAuth2 Flow outputRawFormat: json outputParameters: - name: result type: object value: $. - name: oauth-token-info path: /oauth/token_info operations: - name: getOAuthTokenInfo method: POST description: Get Information for an Access or Refresh Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: oauth-token-revoke path: /oauth/token/revoke operations: - name: revokeOAuthToken method: POST description: Revoke OAuth2 Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: v1-me-oauth-consent-client-id path: /v1/me/oauth/consent/{client_id} operations: - name: getOAuthConsent method: GET description: Get Consent Information outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: client_id in: path type: string description: The OAuth Application Client ID to get consent information for. required: true - name: scope in: query type: string description: Optional space-separated list of scopes to restrict the response to only those requested. required: false - name: submitOAuthConsent method: POST description: Submit OAuth2 Consent Decision outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: client_id in: path type: string description: The OAuth Application Client ID the consent decision applies to. required: true - name: body in: body type: object description: Request body (JSON). required: true