OAuth Provider Module

This module documents OpenASA runtime endpoints when OpenASA acts as an OAuth Provider.

Protocol profile

• Version: OAuth 2.0
• Supported flow: Authorization Code + PKCE (S256)
• Current token endpoint grant support: authorization_code

Included endpoints

• Authorize
• Token
• UserInfo
• JWKS
• Revoke

Notes

• Runtime prefix is /api, so all paths are under https://api.openasa.com/api/oauth/*.
• GET /oauth/authorize requires a signed-in browser session.
• /api/oauth/token and /api/oauth/revoke accept JSON body and form body.
• /api/auth/oauth/* is a different group used for third-party login helpers.