# Authorize Application

> Begin an OAuth 2.0 Authorization Code Flow to obtain user consent and an authorization code.

## Endpoint

`GET /authorize`

To begin an OAuth 2.0 Authorization flow, your application should first send the user to the authorization URL.

## Authorize endpoint

The purpose of this call is to obtain consent from the user to invoke the API (specified in `audience`) and do certain things (specified in `scope`) on behalf of the user. Auth0 will authenticate the user and obtain consent, unless consent has been previously given. If you alter the value in `scope`, Auth0 will require consent to be given again.

The OAuth 2.0 flows that require user authorization are:

* [Authorization Code Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow)
* [Authorization Code Flow with Proof Key for Code Exchange (PKCE)](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce)
* [Implicit Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/implicit-flow-with-form-post)

The [Resource Owner Password Grant](https://auth0.com/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow) and [Client Credentials Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) do not use this endpoint since there is no user authorization involved. Instead, they directly invoke the `POST /oauth/token` endpoint to retrieve an Access Token.

The parameters vary slightly depending on the OAuth 2.0 flow you are implementing. To determine which flow is best suited for your case, refer to: [Which OAuth 2.0 flow should I use?](https://auth0.com/docs/get-started/authentication-and-authorization-flow/which-oauth-2-0-flow-should-i-use).

## Query Parameters

<ParamField query="audience" type="string" required>
  The unique identifier of the target API you want to access.
</ParamField>

<ParamField query="resource" type="string">
  The identifier of the target API (resource server) you want to access. Must match an API Identifier registered in your Auth0 tenant. Used as an alternative to `audience` when the tenant's [Resource Parameter Compatibility Profile](https://auth0.com/docs/get-started/tenant-settings#settings-advanced) is set to `compatibility`.
</ParamField>

<ParamField query="scope" type="string">
  The scopes which you want to request authorization for. These must be separated by a space. You can request standard OpenID Connect (OIDC) scopes, custom claims, or any scopes supported by the target API. Include `offline_access` to get a Refresh Token.
</ParamField>

<ParamField query="response_type" type="string" required>
  Indicates to Auth0 which OAuth 2.0 Flow you want to perform. Use `code` for Authorization Code Grant Flow.
</ParamField>

<ParamField query="client_id" type="string" required>
  Your application's ID.
</ParamField>

<ParamField query="redirect_uri" type="string">
  The URL to which Auth0 will redirect the browser after authorization has been granted by the user.
</ParamField>

<ParamField query="state" type="string">
  An opaque value the application adds to the initial request that Auth0 includes when redirecting back to the application. This value must be used by the application to prevent CSRF attacks.
</ParamField>

<ParamField query="connection" type="string">
  The name of the connection configured for your application.
</ParamField>

<ParamField query="prompt" type="string">
  To initiate a [silent authentication](https://auth0.com/docs/authenticate/login/configure-silent-authentication) request, use `prompt=none`.
</ParamField>

<ParamField query="organization" type="string">
  ID of the organization to use when authenticating a user. When not provided, if your application is configured to **Display Organization Prompt**, the user will be able to enter the organization name when authenticating.
</ParamField>

<ParamField query="invitation" type="string">
  Ticket ID of the organization invitation. When [inviting a member to an Organization](/organizations/invite-members), your application should handle invitation acceptance by forwarding the invitation and organization key-value pairs when the user accepts the invitation.
</ParamField>

<ParamField query="dpop_jkt" type="string">
  The JWK Thumbprint \[RFC7638] of the proof-of-possession public key, computed with the SHA-256 hash function. Used only with Demonstrating Proof-of-Possession (DPoP).
</ParamField>

## Response Messages

| Status | Description                      |
| ------ | -------------------------------- |
| 302    | Redirect with authorization code |
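
The `state` parameter only prevents CSRF if the application generates it unpredictably, binds it to the user's session, and checks it on the redirect before using the code. The following is an added example, not Auth0's own code; the function names, the tenant domain and the callback URL shape are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


def build_authorize_url(domain, client_id, redirect_uri, audience, scope):
    """Return (url, state). The caller stores state in the user's session."""
    state = secrets.token_urlsafe(32)  # 256 random bits, fresh for every request
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "audience": audience,
        "scope": scope,  # space-separated scopes; urlencode escapes the spaces
        "state": state,
    })
    return f"https://{domain}/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the session value."""
    params = parse_qs(urlsplit(callback_url).query)  # drops empty values
    states = params.get("state", [])
    codes = params.get("code", [])
    # Require exactly one of each: repeated or missing parameters are rejected.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one state and one code")
    # Compare as bytes in constant time; an empty session value never matches.
    if not expected_state or not hmac.compare_digest(
        states[0].encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch: discard the code")
    return codes[0]
```

Remove the stored `state` from the session after the first callback that presents it, whether or not the check succeeds, so the same value cannot be used twice.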
