class Stytch::IDP::OAuth

def authorize(

The type of this field is nilable +String+.
A one-time use code that can be exchanged for tokens.
authorization_code::
The type of this field is +Integer+.
(no documentation yet)
status_code::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:

The type of this field is nilable list of +String+.
(no documentation yet)
resources::
The type of this field is nilable +String+.
A base64url encoded challenge derived from the code verifier for PKCE flows.
code_challenge::
The type of this field is nilable +String+.
A string used to associate a client session with an ID token to mitigate replay attacks.
nonce::
The type of this field is nilable +String+.
An opaque value used to maintain state between the request and callback.
state::
The type of this field is nilable +String+.
Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
prompt::
The type of this field is nilable +String+.
The `session_jwt` associated with a User's existing Session.
session_jwt::
The type of this field is nilable +String+.
The `session_token` associated with a User's existing Session.
session_token::
The type of this field is nilable +String+.
The unique ID of a specific User. You may use an `external_id` here if one is set for the user.
user_id::
The type of this field is +String+.
The OAuth 2.0 response type. For authorization code flows this value is `code`.
response_type::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
The ID of the Connected App client.
client_id::
The type of this field is list of +String+.
An array of scopes requested by the client.
scopes::
The type of this field is +Boolean+.
Indicates whether the user granted the requested scopes.
consent_granted::
== Parameters:

One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.
If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes.

- `session_jwt`
- `session_token`
- `user_id`
Exactly one of the following must be provided to identify the user granting authorization:

In both cases, redirect the user to the location for the response to be consumed by the Connected App.
If the authorization was unsuccessful, the `redirect_uri` will contain an OAuth2.1 `error_code`.
If the authorization was successful, the `redirect_uri` will contain a valid `authorization_code` embedded as a query parameter.

Note that this endpoint takes in a few additional parameters the preflight check does not- `state`, `nonce`, and `code_challenge`.
[Preflight Check](https://stytch.com/docs/api/connected-apps-oauth-authorize-start) API.
Call this endpoint using the query parameters from an OAuth Authorization request, after previously validating those parameters using the

Completes a request for authorization of a Connected App to access a User's account.
def authorize(
  consent_granted:,
  scopes:,
  client_id:,
  redirect_uri:,
  response_type:,
  user_id: nil,
  session_token: nil,
  session_jwt: nil,
  prompt: nil,
  state: nil,
  nonce: nil,
  code_challenge: nil,
  resources: nil
)
  headers = {}
  request = {
    consent_granted: consent_granted,
    scopes: scopes,
    client_id: client_id,
    redirect_uri: redirect_uri,
    response_type: response_type
  }
  request[:user_id] = user_id unless user_id.nil?
  request[:session_token] = session_token unless session_token.nil?
  request[:session_jwt] = session_jwt unless session_jwt.nil?
  request[:prompt] = prompt unless prompt.nil?
  request[:state] = state unless state.nil?
  request[:nonce] = nonce unless nonce.nil?
  request[:code_challenge] = code_challenge unless code_challenge.nil?
  request[:resources] = resources unless resources.nil?
  post_request('/v1/idp/oauth/authorize', request, headers)
end

def authorize_start(

The type of this field is +Integer+.
(no documentation yet)
status_code::
The type of this field is list of +ScopeResult+ (+object+).
Details about each requested scope.
scope_results::
The type of this field is +Boolean+.
Whether the user must provide explicit consent for the authorization request.
consent_required::
The type of this field is +ConnectedAppPublic+ (+object+).
(no documentation yet)
client::
The type of this field is +User+ (+object+).
The `user` object affected by this API call. See the [Get user endpoint](https://stytch.com/docs/api/get-user) for complete response field details.
user::
The type of this field is +String+.
The unique ID of the affected User.
user_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:

The type of this field is nilable +String+.
Space separated list that specifies how the Authorization Server should prompt the user for reauthentication and consent. Only `consent` is supported today.
prompt::
The type of this field is nilable +String+.
The `session_jwt` associated with a User's existing Session.
session_jwt::
The type of this field is nilable +String+.
The `session_token` associated with a User's existing Session.
session_token::
The type of this field is nilable +String+.
The unique ID of a specific User. You may use an `external_id` here if one is set for the user.
user_id::
The type of this field is list of +String+.
An array of scopes requested by the client.
scopes::
The type of this field is +String+.
The OAuth 2.0 response type. For authorization code flows this value is `code`.
response_type::
The type of this field is +String+.
The callback URI used to redirect the user after authentication. This is the same URI provided at the start of the OAuth flow. This field is required when using the `authorization_code` grant.
redirect_uri::
The type of this field is +String+.
The ID of the Connected App client.
client_id::
== Parameters:

One of these fields must be used if the Connected App intends to complete the [Exchange Access Token](https://stytch.com/docs/api/connected-app-access-token-exchange) flow.
If a `session_token` or `session_jwt` is passed, the OAuth Authorization will be linked to the user's session for tracking purposes.

- `session_jwt`
- `session_token`
- `user_id`
Exactly one of the following must be provided to identify the user granting authorization:

Use this response to prompt the user for consent (if necessary) before calling the [Submit OAuth Authorization](https://stytch.com/docs/api/connected-apps-oauth-authorize) endpoint.

- A list of scopes the user has the ability to grant the Connected App
- Whether _explicit_ user consent must be granted before proceeding with the authorization
- A public representation of the Connected App requesting authorization
This endpoint returns:

relevant information for rendering an OAuth Consent Screen.
This endpoint validates various fields (`scope`, `client_id`, `redirect_uri`, `prompt`, etc...) are correct and returns
Call this endpoint using the query parameters from an OAuth Authorization request.

Initiates a request for authorization of a Connected App to access a User's account.
def authorize_start(
  client_id:,
  redirect_uri:,
  response_type:,
  scopes:,
  user_id: nil,
  session_token: nil,
  session_jwt: nil,
  prompt: nil
)
  headers = {}
  request = {
    client_id: client_id,
    redirect_uri: redirect_uri,
    response_type: response_type,
    scopes: scopes
  }
  request[:user_id] = user_id unless user_id.nil?
  request[:session_token] = session_token unless session_token.nil?
  request[:session_jwt] = session_jwt unless session_jwt.nil?
  request[:prompt] = prompt unless prompt.nil?
  post_request('/v1/idp/oauth/authorize/start', request, headers)
end

def initialize(connection)

def initialize(connection)
  @connection = connection
end