# Start OAuth Authorization

> Start OAuth authorization flow for Connected Apps using the Stytch Vanilla JS SDK

export const organization = "Represents an instance or tenant in your application, typically mapping to each of your top-level customers.";

export const member = "Represents an individual end user's account within a given Organization, uniquely identified within that Organization by their email address.";

`idp.oauthAuthorizeStart` wraps the [Start OAuth Authorization](/api-reference/b2b/api/connected-apps/consent-management/start-oauth-authorization) API endpoint. It initiates a request for authorization of a Connected App to access a <Tooltip tip={member}>Member's</Tooltip> account.

Call this endpoint using the query parameters from an OAuth Authorization request. It validates that fields such as `scope`, `client_id`, `redirect_uri`, and `prompt` are correct, and returns the information needed to render an OAuth Consent Screen.

## Parameters

<ParamField path="client_id" type="string" required>
  The ID of the Connected App client.
</ParamField>

<ParamField path="redirect_uri" type="string" required>
  The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
</ParamField>

<ParamField path="response_type" type="string" required>
  The OAuth 2.0 response type. For authorization code flows this value is `code`.
</ParamField>

<ParamField path="scopes" type="string[]" required>
  An array of scopes requested by the client.
</ParamField>

<ParamField path="prompt" type="string">
  Space-separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
</ParamField>

## Response

<ResponseField name="connected_app" type="object">
  <Expandable title="properties">
    <ResponseField name="client_id" type="string">
      The ID of the Connected App client.
    </ResponseField>

    <ResponseField name="client_type" type="string">
      The type of Connected App. Supported values are `first_party`, `first_party_public`, `third_party`, and `third_party_public`.
    </ResponseField>

    <ResponseField name="client_name" type="string">
      A human-readable name for the client.
    </ResponseField>

    <ResponseField name="client_description" type="string">
      A human-readable description for the client.
    </ResponseField>

    <ResponseField name="client_logo_url" type="string">
      The logo URL of the Connected App, if any.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="consent_required" type="boolean">
  Whether the user must provide explicit consent for the authorization request.
</ResponseField>

<ResponseField name="scope_results" type="object[]">
  <Expandable title="properties">
    <ResponseField name="scope" type="string">
      The name of the scope.
    </ResponseField>

    <ResponseField name="description" type="string">
      A human-readable description of the scope, taken from the RBAC Policy.
    </ResponseField>

    <ResponseField name="is_grantable" type="boolean">
      Indicates whether the scope can be granted. Users can only grant scopes if they have the required permissions.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="request_id" type="string">
  Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we
  may ask for this value to help identify a specific API call when helping you debug an issue.
</ResponseField>

<ResponseField name="status_code" type="number">
  The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values
  equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
</ResponseField>

<Panel>
  <RequestExample>
    ```javascript theme={null}
    import { StytchB2BClient } from '@stytch/vanilla-js/b2b';

    const stytch = new StytchB2BClient('public-token-test-b8c84de4-7d58-4ffc-9341-432b56596862');

    // Get OAuth parameters from URL
    const urlParams = new URLSearchParams(window.location.search);

    const startAuthorization = async () => {
      const response = await stytch.idp.oauthAuthorizeStart({
        client_id: urlParams.get('client_id'),
        redirect_uri: urlParams.get('redirect_uri'),
        response_type: urlParams.get('response_type'),
        scopes: urlParams.get('scope')?.split(' ') || [],
        prompt: urlParams.get('prompt'),
      });

      document.getElementById('app-name').textContent = response.connected_app.client_name;
      document.getElementById('app-description').textContent = response.connected_app.client_description;
    };

    startAuthorization();
    ```
  </RequestExample>
</Panel>
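
The following is an added example, not code from the Stytch docs or SDK. It turns the response fields documented above (`connected_app`, `consent_required`, `scope_results`) into a view model for a consent screen. `buildConsentView`, `safeLogoUrl` and `SAMPLE_RESPONSE` are hypothetical names, the sample response is constructed, and the https-only logo rule and third-party flag are assumptions of this example rather than Stytch requirements.

```javascript
// Constructed sample shaped like the documented response (not real API output).
const SAMPLE_RESPONSE = {
  connected_app: {
    client_id: 'connected-app-test-placeholder',
    client_type: 'third_party_public',
    client_name: 'Example Reporting Tool',
    client_description: 'Builds reports from your workspace data.',
    client_logo_url: 'https://example.com/logo.png',
  },
  consent_required: true,
  scope_results: [
    { scope: 'openid', description: 'Sign you in', is_grantable: true },
    { scope: 'read:documents', description: 'Read documents', is_grantable: true },
    { scope: 'manage:members', description: 'Manage members', is_grantable: false },
  ],
};

// Assumption of this example: only absolute https URLs are used as an image
// source; other schemes (javascript:, data:, http:) and relative paths are dropped.
function safeLogoUrl(value) {
  if (typeof value !== 'string' || value === '') return null;
  try {
    const url = new URL(value);
    return url.protocol === 'https:' ? url.href : null;
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Pure function: no DOM access, so it can be unit-tested before rendering.
// Render the returned strings with textContent, as the request example does.
function buildConsentView(response) {
  const app = response.connected_app;
  const results = response.scope_results || [];
  return {
    clientId: app.client_id,
    name: app.client_name,
    description: app.client_description,
    logoUrl: safeLogoUrl(app.client_logo_url),
    // Flag third-party apps so the UI can make the requester's identity prominent.
    isThirdParty: String(app.client_type).startsWith('third_party'),
    showConsentScreen: response.consent_required === true,
    // Offer only scopes the Member can actually grant; list the rest separately.
    grantableScopes: results
      .filter((r) => r.is_grantable === true)
      .map((r) => ({ scope: r.scope, description: r.description })),
    ungrantableScopes: results.filter((r) => r.is_grantable !== true).map((r) => r.scope),
  };
}
```

Treating any value other than `true` for `is_grantable` as not grantable keeps a missing or malformed field from widening what the consent screen offers.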
