AuthOAuthServerApi

import type { AuthOAuthServerApi } from "https://esm.sh/@supabase/supabase-js@2.95.3/dist/index.d.mts";

Contains all OAuth 2.1 authorization server user-facing methods. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

These methods are used to implement the consent page.

interface AuthOAuthServerApi {

approveAuthorization(authorizationId: string, options?: {

skipBrowserRedirect?: boolean;

}): Promise<AuthOAuthConsentResponse>;

denyAuthorization(authorizationId: string, options?: {

skipBrowserRedirect?: boolean;

}): Promise<AuthOAuthConsentResponse>;

getAuthorizationDetails(authorizationId: string): Promise<AuthOAuthAuthorizationDetailsResponse>;

listGrants(): Promise<AuthOAuthGrantsResponse>;

revokeGrant(options: {

clientId: string;

}): Promise<AuthOAuthRevokeGrantResponse>;

}

§Methods

approveAuthorization(authorizationId: string, options?: {

skipBrowserRedirect?: boolean;

}): Promise<AuthOAuthConsentResponse>

[src]

Approves an OAuth authorization request. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

After approval, the user's consent is stored and an authorization code is generated. The response contains a complete redirect URL with the authorization code and state.

@param authorizationId

The authorization ID to approve

@param options

Optional parameters

@param options.skipBrowserRedirect

If false (default), automatically redirects the browser to the OAuth client. If true, returns the redirect_url without automatic redirect (useful for custom handling).

@return

Redirect URL to send the user back to the OAuth client with authorization code

denyAuthorization(authorizationId: string, options?: {

skipBrowserRedirect?: boolean;

}): Promise<AuthOAuthConsentResponse>

[src]

Denies an OAuth authorization request. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

After denial, the response contains a redirect URL with an OAuth error (access_denied) to inform the OAuth client that the user rejected the request.

@param authorizationId

The authorization ID to deny

@param options

Optional parameters

@param options.skipBrowserRedirect

If false (default), automatically redirects the browser to the OAuth client. If true, returns the redirect_url without automatic redirect (useful for custom handling).

@return

Redirect URL to send the user back to the OAuth client with error information

getAuthorizationDetails(authorizationId: string): Promise<AuthOAuthAuthorizationDetailsResponse>

[src]

Retrieves details about an OAuth authorization request. Used to display consent information to the user. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

This method returns one of two response types:

OAuthAuthorizationDetails: User needs to consent - show consent page with client info
OAuthRedirect: User already consented - redirect immediately to the OAuth client

Use type narrowing to distinguish between the responses:

if ('authorization_id' in data) {
  // Show consent page
} else {
  // Redirect to data.redirect_url
}

@param authorizationId

The authorization ID from the authorization request

@return

Authorization details or redirect URL depending on consent status

listGrants(): Promise<AuthOAuthGrantsResponse>

[src]

Lists all OAuth grants that the authenticated user has authorized. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

@return

Response with array of OAuth grants with client information and granted scopes

revokeGrant(options: {

clientId: string;

}): Promise<AuthOAuthRevokeGrantResponse>

[src]

Revokes a user's OAuth grant for a specific client. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

Revocation marks consent as revoked, deletes active sessions for that OAuth client, and invalidates associated refresh tokens.

@param options

Revocation options

@param options.clientId

The OAuth client identifier (UUID) to revoke access for

@return

Empty response on successful revocation