Clerk · Capability
Clerk Frontend Api — OAuth2 Identity Provider
Clerk OAuth2 Identity Provider capability. 10 operations. Lead operation: Request OAuth2 Authorization.
Capability Spec
# Capability spec for the OAuth2 identity-provider endpoints of Clerk's
# Frontend API. The first key carries the spec format version.
# NOTE(review): every line of this listing sits at column 0, so the nesting
# (info -> label/tags, binds -> keys, ...) appears to have been lost in
# rendering. Restore the indentation before handing this to a YAML parser.
naftiko: 1.0.0-alpha2
info:
label: Clerk Frontend Api — OAuth2 Identity Provider
description: 'Clerk OAuth2 Identity Provider capability. 10 operations. Lead operation: Request OAuth2 Authorization.'
tags:
- Clerk
- OAuth2 Identity Provider
# Quoted so the dates stay strings instead of being typed as timestamps.
created: '2026-05-22'
modified: '2026-05-22'
# Binding of one key from the `env` namespace; presumably read from the
# process environment at load time — confirm against the consumer.
binds:
- namespace: env
keys:
# Only the publishable key is bound. Clerk publishable keys are meant to be
# shipped to browsers, so this entry holds no secret. None of the operations
# in this listing reference the key, and no secret key or OAuth client secret
# is bound here, so confidential-client credentials have to come from
# somewhere else.
CLERK_PUBLISHABLE_KEY: CLERK_PUBLISHABLE_KEY
# One HTTP consumer grouping the OAuth2 resources listed under `resources`.
capability:
consumes:
- type: http
namespace: clerk-frontend-api-oauth2-identity-provider
# NOTE(review): baseUri is empty, so the resource paths have no scheme or host.
# Pin it to the instance's Frontend API origin over https. If the base is
# taken from untrusted input, authorization codes and tokens go to that host.
# No authentication settings are declared on this consumer in the lines shown.
baseUri: ''
description: Clerk clerk-frontend-api OAuth2 Identity Provider business capability.
resources:
# Authorization endpoint: a GET operation with the individual query
# parameters spelled out, and a POST operation that takes an untyped body.
- name: oauth-authorize
path: /oauth/authorize
operations:
- name: requestOAuthAuthorize
method: GET
description: Request OAuth2 Authorization
# NOTE(review): an OAuth2 authorization endpoint normally answers with a
# redirect rather than a JSON document — confirm that `json` is right here.
outputRawFormat: json
outputParameters:
- name: result
type: object
# presumably a JSONPath for the whole response body — confirm
value: $.
inputParameters:
- name: response_type
in: query
type: string
description: The authorization flow type. Must be `code` for authorization code flow.
required: true
- name: client_id
in: query
type: string
description: The OAuth2 client ID of the OAuth application.
required: true
- name: redirect_uri
in: query
type: string
description: The URI to redirect to after authorization. Must be registered for the OAuth application.
# Optional in this schema. Callers should still send it explicitly and accept
# the callback only on the exact URI they sent.
required: false
- name: scope
in: query
# NOTE(review): declared as `array` while the description says the value is a
# space-separated list; getOAuthConsent declares its `scope` as `string`.
# Check how the consumer serialises arrays into the query string.
type: array
# `private_metadata` is among the available scopes; request only what the
# client needs.
description: Space-separated list of scopes being requested. Available scopes are `email`, `profile`, `openid`, `public_metadata`, and `private_metadata`. Defaults to `profile email` if not provided.
required: false
- name: state
in: query
type: string
# NOTE(review): the description below is cut off mid-sentence in this listing.
# The schema marks `state` optional, yet the text calls it required against
# CSRF unless PKCE parameters are used. The schema will not enforce that rule,
# so the caller must generate an unguessable value and check it on callback.
description: An opaque value used to maintain state between the request and callback (minimum 8 characters). Required to prevent CSRF attacks unless PKCE parameters (`code_challenge` and `code_challenge_method`) a
required: false
- name: prompt
in: query
# NOTE(review): same `array` vs space-separated mismatch as `scope`.
type: array
description: Space-separated list of prompts. Supported values are `none` (no user interaction), `login` (force re-authentication), and `consent` (force consent screen).
required: false
- name: code_challenge
in: query
type: string
# Marked optional although the description requires it for public clients.
# Nothing here enforces that, so public clients must always send it.
description: The code challenge for PKCE (Proof Key for Code Exchange). Required for public clients.
required: false
- name: code_challenge_method
in: query
type: string
# Only `S256` is accepted per the description; no enum constrains it here.
description: The method used to generate the code challenge. Must be `S256`.
required: false
- name: response_mode
in: query
type: string
description: The method used to return authorization response parameters. Supported values are `query` (parameters in URL query string) and `form_post` (parameters in POST body).
required: false
- name: nonce
in: query
type: string
# The replay protection only holds if the client compares the nonce in the
# returned ID Token with the one it sent.
description: String value used to associate a client session with an ID Token and to mitigate replay attacks. Used in OpenID Connect flows.
required: false
# POST variant of the same request. The body is an opaque object, so none of
# the per-parameter rules documented on the GET operation (required
# response_type/client_id, `S256`, state/PKCE) are expressed in this schema.
- name: requestOAuthAuthorizePOST
method: POST
description: Request OAuth2 Authorization
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: true
# Client registration endpoint: one POST operation with an untyped JSON body.
# NOTE(review): no authentication or input constraints are visible for this
# operation. Confirm who may register clients, and which redirect URIs are
# accepted, on the instance this points at.
- name: oauth-register
path: /oauth/register
operations:
- name: registerOAuthClient
method: POST
description: Register OAuth 2.0 Client
outputRawFormat: json
outputParameters:
- name: result
type: object
# Whole response is returned as `result` (presumably JSONPath root — confirm).
# A registration response may carry client credentials, so keep it out of logs.
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: true
# Token endpoint: one POST operation with an untyped body.
- name: oauth-token
path: /oauth/token
operations:
- name: getOAuthToken
method: POST
description: Get OAuth2 Token
outputRawFormat: json
outputParameters:
- name: result
type: object
# Whole response is exposed as `result` (presumably JSONPath root — confirm).
# This is where issued tokens would appear, so do not log or cache the output.
value: $.
inputParameters:
- name: body
in: body
type: object
# NOTE(review): described as JSON. OAuth2 token endpoints conventionally take
# form-encoded parameters, so confirm the encoding the server accepts. The body
# is opaque, so grant type, code, PKCE verifier and client credentials are
# neither named nor validated by this schema.
description: Request body (JSON).
required: true
# UserInfo endpoint, exposed as both GET and POST.
# NOTE(review): neither operation declares inputParameters, so the access
# token that authorises the call is not modelled here. Presumably it is sent
# as a bearer header by configuration outside this listing — confirm.
- name: oauth-userinfo
path: /oauth/userinfo
operations:
- name: getOAuthUserInfo
method: GET
description: Get User Info After OAuth2 Flow
outputRawFormat: json
outputParameters:
- name: result
type: object
# Whole response returned as `result`; it holds user profile data.
value: $.
- name: getOAuthUserInfoPOST
method: POST
description: Get User Info After OAuth2 Flow
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
# Token information endpoint: one POST operation describing an access or
# refresh token supplied in an untyped body.
- name: oauth-token-info
path: /oauth/token_info
operations:
- name: getOAuthTokenInfo
method: POST
description: Get Information for an Access or Refresh Token
outputRawFormat: json
outputParameters:
- name: result
type: object
# presumably a JSONPath for the whole response body — confirm
value: $.
inputParameters:
- name: body
in: body
type: object
# The token under inspection travels in this body, so treat request payloads
# as sensitive in traces and logs. No field names are declared here.
description: Request body (JSON).
required: true
# Revocation endpoint: one POST operation with an untyped body.
- name: oauth-token-revoke
path: /oauth/token/revoke
operations:
- name: revokeOAuthToken
method: POST
description: Revoke OAuth2 Token
outputRawFormat: json
outputParameters:
- name: result
type: object
# presumably a JSONPath for the whole response body — confirm
value: $.
inputParameters:
- name: body
in: body
type: object
# Carries the token to revoke; keep it out of logs. Callers should check the
# result rather than assume the token is dead after sending the request.
description: Request body (JSON).
required: true
# Consent resource, keyed by the OAuth application's client ID in the path.
# GET reads the consent information, POST submits the user's decision.
- name: v1-me-oauth-consent-client-id
path: /v1/me/oauth/consent/{client_id}
operations:
- name: getOAuthConsent
method: GET
description: Get Consent Information
outputRawFormat: json
outputParameters:
- name: result
type: object
# presumably a JSONPath for the whole response body — confirm
value: $.
inputParameters:
- name: client_id
in: path
type: string
# Interpolated into the URL path. The consumer should percent-encode it so a
# value containing `/` or `?` cannot change the request target.
description: The OAuth Application Client ID to get consent information for.
required: true
- name: scope
in: query
# Declared as `string` here, while requestOAuthAuthorize declares `scope` as
# `array` for the same space-separated format.
type: string
description: Optional space-separated list of scopes to restrict the response to only those requested.
required: false
# State-changing call made on behalf of the signed-in user (`/v1/me/...`).
# NOTE(review): the session credential and any anti-CSRF input this request
# needs are not modelled in the parameters below — confirm how they are sent.
- name: submitOAuthConsent
method: POST
description: Submit OAuth2 Consent Decision
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: client_id
in: path
type: string
description: The OAuth Application Client ID the consent decision applies to.
required: true
- name: body
in: body
type: object
# Opaque body, so the decision and the scopes being granted are not
# constrained by this schema.
description: Request body (JSON).
required: true