{ "$id": "oauth-authorization-request.json", "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "OAuth 2.0 Authorization Request", "description": "Schema describing the parameters of an OAuth 2.0 authorization request as defined in RFC 6749 Section 4.1.1 (Authorization Code Grant) and Section 4.2.1 (Implicit Grant). These parameters are sent as query components of the authorization endpoint URI.", "type": "object", "required": [ "response_type", "client_id" ], "properties": { "response_type": { "type": "string", "description": "The value MUST be 'code' for requesting an authorization code (Section 4.1.1) or 'token' for requesting an access token via the implicit grant (Section 4.2.1).", "enum": [ "code", "token" ] }, "client_id": { "type": "string", "description": "The client identifier as described in RFC 6749 Section 2.2." }, "redirect_uri": { "type": "string", "format": "uri", "description": "The absolute URI to which the authorization server will redirect the user-agent after authorization, as described in RFC 6749 Section 3.1.2." }, "scope": { "type": "string", "description": "The scope of the access request as a space-delimited list of case-sensitive scope values, as described in RFC 6749 Section 3.3.", "pattern": "^[\\x21\\x23-\\x5B\\x5D-\\x7E]+(\\s[\\x21\\x23-\\x5B\\x5D-\\x7E]+)*$" }, "state": { "type": "string", "description": "An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting back to the client. SHOULD be used to prevent cross-site request forgery (CSRF) attacks; for that purpose the value must be non-guessable and bound to the user-agent's authenticated state (RFC 6749 Section 10.12)." }, "code_challenge": { "type": "string", "description": "PKCE code challenge derived from the code verifier, as defined in RFC 7636 Section 4.2.", "minLength": 43, "maxLength": 128 }, "code_challenge_method": { "type": "string", "description": "PKCE code challenge method, as defined in RFC 7636 Section 4.3. Defaults to 'plain' if not present. RFC 7636 Section 4.2 requires a client capable of 'S256' to use it, so 'plain' is appropriate only for clients that cannot support 'S256'.", "enum": [ "plain", "S256" ], "default": "plain" } }, "additionalProperties": true }