# OAuth 2.0 authorize Checks the presence of a valid SSO session. Redirects to the URL passed in the redirect_url parameter with an authorization code. Endpoint: GET /oauth2/auth Version: v1 ## Query parameters: - `response_type` (string, required) Will be set to code, indicating that the application expects to receive an authorization code if successful. Enum: "code" - `client_id` (integer, required) Your application ID. Get it after creating an OAuth 2.0 client. - `redirect_uri` (string, required) This URL must match one of the URLs the developer registered when creating the application, and the authorization server should reject the request if it does not match. To set up this parameter, contact your Customer Success Manager. - `scope` (string, required) The request may have one or more scope values indicating additional access requested by the application. The authorization server will need to display the requested scopes to the user. - `state` (string, required) The state parameter is used by the application to store request-specific data and/or prevent CSRF attacks. The authorization server must return the unmodified state value back to the application. This is the recommended parameter. - `audience` (string, required) The audience parameter may contain multiple strings separated by a url-encoded space (+ or %20). The audience values themselves must also be url encoded. - `popup` (boolean) If true is passed method will redirect to widget at first and then to partner's callback. If false, method will redirect straight to partner's callback. - `code_challenge` (string) Generated challenge from the code_verifier (https://datatracker.ietf.org/doc/html/rfc7636#section-4-2). - `code_challenge_method` (string) Method used to generate the challenge. For now, you can only use the method S256 to generate code_challenge. Enum: "S256" - `widget_only` (boolean) Service parameter for pop up flow. Does not affect API behaviour. - `enable_post_message_login` (boolean) Service parameter for pop up flow. Does not affect API behaviour. - `disable_socials` (boolean) Service parameter for pop up flow. Does not affect API behaviour. - `fail_auth_url` (string) If passed then method will redirect on this URL in case of a missing session for authentication and obtaining new session. - `disable_passwordless_email` (boolean) Service parameter for pop up flow. Does not affect API behaviour. - `disable_passwordless_phone` (boolean) Service parameter for pop up flow. Does not affect API behaviour. - `is_xsolla_link` (boolean) Service parameter for pop up flow. Does not affect API behaviour. ## Response 400 fields (application/json): - `error` (object, required) - `error.code` (string, required) Error code. Example: "003-061" - `error.description` (string, required) Error description. Example: "Object not found." - `error.details` (object) Additional information. ## Response 404 fields (application/json): - `error` (object, required) - `error.code` (string, required) Error code. Example: "003-061" - `error.description` (string, required) Error description. Example: "Object not found." - `error.details` (object) Additional information. ## Response 418 fields (application/json): - `error` (object, required) - `error.code` (string, required) Error code. Example: "003-061" - `error.description` (string, required) Error description. Example: "Object not found." - `error.details` (object) Additional information. ## Response 422 fields (application/json): - `error` (object, required) - `error.code` (string, required) Error code. Example: "003-061" - `error.description` (string, required) Error description. Example: "Object not found." - `error.details` (object) Additional information. ## Response 429 fields (application/json): - `error` (object, required) - `error.code` (string, required) Error code. Example: "003-061" - `error.description` (string, required) Error description. Example: "Object not found." - `error.details` (object) Additional information. ## Response 302 fields