# Submit OAuth Authorization

> Completes a request for authorization of a Connected App.

Completes a request for authorization of a Connected App to access a Member's account.

Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the [Preflight Check](/api-reference/b2b/api/connected-apps/consent-management/start-oauth-authorization) API. Note that this endpoint takes a few additional parameters that the preflight check does not: `state`, `nonce`, and `code_challenge`.

If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter. If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth 2.1 `error_code`. In both cases, redirect the Member to the location for the response to be consumed by the Connected App.

Exactly one of the following must be provided to identify the Member granting authorization:

* `member_id` and `organization_id`
* `session_token`
* `session_jwt`

If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the Member's session for tracking purposes. One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](/api-reference/b2b/api/sessions/exchange-access-token) flow.
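The following is an added example, not part of Stytch's documentation or SDKs: it maps the query string of an incoming OAuth Authorization request onto the request body for this endpoint, forwards `state`, `nonce` and `code_challenge` unchanged, and enforces the exactly-one rule for identifying the Member before any API call is made. It assumes the incoming request uses the standard OAuth 2.0 / OIDC / PKCE query parameter names (including a space-delimited `scope`); the helper name `build_authorize_body`, the sample URL and all identifier values are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Field names come from the Authorize request schema on this page.
REQUIRED = ("client_id", "redirect_uri", "response_type")
OPTIONAL = ("state", "nonce", "code_challenge", "prompt")
IDENTITY_OPTIONS = (
    frozenset({"organization_id", "member_id"}),
    frozenset({"session_token"}),
    frozenset({"session_jwt"}),
)

# Constructed sample authorization request (hypothetical host and client;
# the code_challenge is the example value from RFC 7636, Appendix B).
SAMPLE_URL = (
    "https://idp.example/oauth/authorize?response_type=code"
    "&client_id=connected-app-test-0000"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Foauth%2Fcallback"
    "&scope=openid%20profile&state=xyz123"
    "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
)


def build_authorize_body(authorization_url, consent_granted, identity):
    """Hypothetical helper: map the query string to the Authorize body."""
    query = parse_qs(urlsplit(authorization_url).query)
    # Refuse repeated parameters rather than silently picking one value.
    repeated = sorted(k for k, v in query.items() if len(v) > 1)
    if repeated:
        raise ValueError(f"repeated query parameters: {repeated}")
    params = {k: v[0] for k, v in query.items()}

    missing = [k for k in REQUIRED if k not in params]
    if missing:
        raise ValueError(f"missing required parameters: {missing}")

    # Exactly one way of identifying the Member: the supplied keys must match
    # one option as a whole (member_id alone, or a token plus IDs, is rejected).
    supplied = frozenset(k for k, v in identity.items() if v)
    if supplied not in IDENTITY_OPTIONS:
        raise ValueError(f"ambiguous or incomplete identity: {sorted(supplied)}")

    body = {k: params[k] for k in REQUIRED}
    body["consent_granted"] = bool(consent_granted)
    body["scopes"] = params.get("scope", "").split()  # space-delimited in OAuth
    # state, nonce and code_challenge are forwarded unchanged when present.
    body.update({k: params[k] for k in OPTIONAL if k in params})
    body.update({k: identity[k] for k in supplied})
    return body


if __name__ == "__main__":
    print(build_authorize_body(SAMPLE_URL, True, {"session_jwt": "constructed.jwt"}))
```
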


## OpenAPI

````yaml POST /v1/b2b/idp/oauth/authorize
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.0.0
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/b2b/idp/oauth/authorize:
    post:
      tags:
        - B2B Idp
      summary: Authorize
      description: >-
        Completes a request for authorization of a Connected App to access a
        Member's account.


        Call this endpoint using the query parameters from an OAuth
        Authorization request, after previously validating those parameters
        using the

        [Preflight
        Check](https://stytch.com/docs/b2b/api/connected-apps-oauth-authorize-start)
        API.

        Note that this endpoint takes a few additional parameters that the
        preflight check does not: `state`, `nonce`, and `code_challenge`.


        If the authorization was successful, the `redirect_uri` will contain a
        valid `authorization_code` embedded as a query parameter.

        If the authorization was unsuccessful, the `redirect_uri` will contain
        an OAuth 2.1 `error_code`.

        In both cases, redirect the Member to the location for the response to
        be consumed by the Connected App.


        Exactly one of the following must be provided to identify the Member
        granting authorization:

        - `organization_id` + `member_id`

        - `session_token`

        - `session_jwt`


        If a `session_token` or `session_jwt` is passed, the OAuth Authorization
        will be linked to the Member's session for tracking purposes.

        One of these fields must be used if the Connected App intends to
        complete the [Exchange Access
        Token](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange)
        flow.
      operationId: api_b2b_idp_v1_b2b_idp_oauth_Authorize
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/api_b2b_idp_v1_b2b_idp_oauth_AuthorizeRequest
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/api_b2b_idp_v1_b2b_idp_oauth_AuthorizeResponse
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: |-
            // POST /v1/b2b/idp/oauth/authorize
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              consent_granted: true,
              scopes: ["openid"],
              client_id: "${exampleConnectedAppClientID}",
              redirect_uri: "https://app.example/oauth/callback",
              response_type: "code",
            };

            client.IDP.OAuth.Authorize(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// POST /v1/b2b/idp/oauth/authorize\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v17/stytch/b2b/b2bstytchapi\"\n\t\"github.com/stytchauth/stytch-go/v17/stytch/b2b/idp/oauth\"\n)\n\nfunc main() {\n\tclient, err := b2bstytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &oauth.AuthorizeParams{\n\t\tConsentGranted: true,\n\t\tScopes:         []string{\"openid\"},\n\t\tClientID:       \"${exampleConnectedAppClientID}\",\n\t\tRedirectURI:    \"https://app.example/oauth/callback\",\n\t\tResponseType:   \"code\",\n\t}\n\n\tresp, err := client.IDP.OAuth.Authorize(context.Background(), params)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: |-
            // POST /v1/b2b/idp/oauth/authorize
            package com.example;

            import com.stytch.java.b2b.models.idpoauth.AuthorizeRequest;
            import com.stytch.java.b2b.StytchB2BClient;
            import com.stytch.java.common.StytchResult;

            public class Main {
                public static void main(String[] args) {
                    StytchB2BClient.configure("${projectId}", "${secret}");

                    AuthorizeRequest params = new AuthorizeRequest();
                    params.setConsentGranted(true);
                    params.setScopes(new String("openid"));
                    params.setClientId("${exampleConnectedAppClientID}");
                    params.setRedirectUri("https://app.example/oauth/callback");
                    params.setResponseType("code");

                    Object result = StytchB2BClient.getIDP().getOAuth().authorize(params);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: |
            // POST /v1/b2b/idp/oauth/authorize
            package com.example

            import com.stytch.java.b2b.StytchB2BClient
            import com.stytch.java.b2b.models.idpoauth.AuthorizeRequest
            import com.stytch.java.common.StytchResult

            fun main() {
                StytchB2BClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchB2BClient.idp.oauth.authorize(
                            AuthorizeRequest(
                                consentGranted = true,
                                scopes = arrayOf("openid"),
                                clientId = "${exampleConnectedAppClientID}",
                                redirectUri = "https://app.example/oauth/callback",
                                responseType = "code",
                            ),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: |-
            // POST /v1/b2b/idp/oauth/authorize
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              consent_granted: true,
              scopes: ["openid"],
              client_id: "${exampleConnectedAppClientID}",
              redirect_uri: "https://app.example/oauth/callback",
              response_type: "code",
            };

            client.idp.oauth.authorize(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->idp->oauth->authorize([
                'consent_granted' => true,
                'scopes' => ['openid'],
                'client_id' => '${exampleConnectedAppClientID}',
                'redirect_uri' => 'https://app.example/oauth/callback',
                'response_type' => 'code',
            ]);
        - lang: python
          label: Python
          source: |
            # POST /v1/b2b/idp/oauth/authorize
            from stytch import B2BClient

            client = B2BClient(
                project_id="${projectId}",
                secret="${secret}",
            )

            resp = client.idp.oauth.authorize(
                consent_granted=True,
                scopes=["openid"],
                client_id="${exampleConnectedAppClientID}",
                redirect_uri="https://app.example/oauth/callback",
                response_type="code",
            )

            print(resp)
        - lang: ruby
          label: Ruby
          source: |-
            # POST /v1/b2b/idp/oauth/authorize
            require 'stytch'

            client = StytchB2B::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )

            resp = client.idp.oauth.authorize(
              consent_granted: true,
              scopes: ['openid'],
              client_id: "${exampleConnectedAppClientID}",
              redirect_uri: "https://app.example/oauth/callback",
              response_type: "code"
            )

            puts resp
        - lang: rust
          label: Rust
          source: |-
            // POST /v1/b2b/idp/oauth/authorize
            use stytch::b2b::client::Client;
            use stytch::b2b::idp_oauth::AuthorizeRequest;

            // `.await` needs an async context; a Tokio runtime is assumed here.
            #[tokio::main]
            async fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.idp.oauth.authorize(
                    AuthorizeRequest{
                        consent_granted: true,
                        scopes: vec!["openid"],
                        client_id: "${exampleConnectedAppClientID}",
                        redirect_uri: "https://app.example/oauth/callback",
                        response_type: "code",
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: |-
            # POST /v1/b2b/idp/oauth/authorize
            curl --request POST \
              --url https://test.stytch.com/v1/b2b/idp/oauth/authorize \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json' \
              -d '{
                "consent_granted": true,
                "scopes": ["openid"],
                "client_id": "${exampleConnectedAppClientID}",
                "redirect_uri": "https://app.example/oauth/callback",
                "response_type": "code"
              }'
components:
  schemas:
    api_b2b_idp_v1_b2b_idp_oauth_AuthorizeRequest:
      type: object
      properties:
        consent_granted:
          type: boolean
          description: Indicates whether the user granted the requested scopes.
        scopes:
          type: array
          items:
            type: string
          description: An array of scopes requested by the client.
        client_id:
          type: string
          description: The ID of the Connected App client.
        redirect_uri:
          type: string
          description: >-
            The callback URI used to redirect the user after authentication.
            This is the same URI provided at the start of the OAuth flow.  This
            field is required when using the `authorization_code` grant.
        response_type:
          type: string
          description: >-
            The OAuth 2.0 response type. For authorization code flows this value
            is `code`.
        organization_id:
          type: string
          description: >-
            Globally unique UUID that identifies a specific Organization. The
            `organization_id` is critical to perform operations on an
            Organization, so be sure to preserve this value. You may also use
            the organization_slug or organization_external_id here as a
            convenience.
        member_id:
          type: string
          description: >-
            Globally unique UUID that identifies a specific Member. The
            `member_id` is critical to perform operations on a Member, so be
            sure to preserve this value. You may use an external_id here if one
            is set for the member.
        session_token:
          type: string
          description: A secret token for a given Stytch Session.
        session_jwt:
          type: string
          description: The JSON Web Token (JWT) for a given Stytch Session.
        prompt:
          type: string
          description: >-
            Space separated list that specifies how the Authorization Server
            should prompt the user for reauthentication and consent. Only
            `consent` is supported today.
        state:
          type: string
          description: >-
            An opaque value used to maintain state between the request and
            callback.
        nonce:
          type: string
          description: >-
            A string used to associate a client session with an ID token to
            mitigate replay attacks.
        code_challenge:
          type: string
          description: >-
            A base64url encoded challenge derived from the code verifier for
            PKCE flows.
        resources:
          type: array
          items:
            type: string
      description: Request type
      required:
        - consent_granted
        - scopes
        - client_id
        - redirect_uri
        - response_type
    api_b2b_idp_v1_b2b_idp_oauth_AuthorizeResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        redirect_uri:
          type: string
          description: >-
            The callback URI used to redirect the user after authentication.
            This is the same URI provided at the start of the OAuth flow.  This
            field is required when using the `authorization_code` grant.
        status_code:
          type: integer
          format: int32
        authorization_code:
          type: string
          description: A one-time use code that can be exchanged for tokens.
      required:
        - request_id
        - redirect_uri
        - status_code
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````