# Start an authorization code flow

Starts OAuth2 Authorization Code Flow. The resource owner will be authenticated and be presented with the third-party application access request.

Endpoint: GET /zephr/oauth2
Version: 2025-07-30
Security: CookieBlaizeSession, JwtQuery, JwtHeaderXBlaizeJwt, JwtHeaderXZephrJwt, JwtBearer, JwtCookie

## Query parameters:

  - `client_id` (string, required)
    Zephr Site Oauth2 Client ID.

  - `response_type` (string, required)
    Must be set to code.

  - `redirect_uri` (string, required)
    Client's redirection endpoint. Must be an absolute URI.

  - `scope` (string, required)
    The scope of the access request.

  - `state` (string, required)
    An opaque value used by the client to maintain state between the request and callback.


## Response 302 fields