OAuth · Capability
OAuth 2.0 Authorization Server — Authorization
OAuth 2.0 Authorization Server — Authorization. 1 operations. Lead operation: Authorization Endpoint. Self-contained Naftiko capability covering one Oauth business surface.
What You Can Do
GET
Authorize
— Authorization Endpoint
/v1/authorize
MCP Tools
authorization-endpoint
Authorization Endpoint
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: OAuth 2.0 Authorization Server — Authorization
description: 'OAuth 2.0 Authorization Server — Authorization. 1 operations. Lead operation: Authorization Endpoint. Self-contained
Naftiko capability covering one Oauth business surface.'
tags:
- Oauth
- Authorization
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
OAUTH_API_KEY: OAUTH_API_KEY
capability:
consumes:
- type: http
namespace: token-endpoint-authorization
baseUri: https://authorization-server.example.com
description: OAuth 2.0 Authorization Server — Authorization business capability. Self-contained, no shared references.
resources:
- name: authorize
path: /authorize
operations:
- name: authorize
method: GET
description: Authorization Endpoint
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: response_type
in: query
type: string
description: The value MUST be "code" for requesting an authorization code or "token" for requesting an access token
(implicit grant).
required: true
- name: client_id
in: query
type: string
description: The client identifier issued to the client during registration.
required: true
- name: redirect_uri
in: query
type: string
description: The URI to which the authorization server will redirect the user-agent after authorization is granted
or denied.
- name: scope
in: query
type: string
description: The scope of the access request as a space-delimited list of values.
- name: state
in: query
type: string
description: An opaque value used by the client to maintain state between the request and callback. Used to prevent
cross-site request forgery.
authentication:
type: basic
username: '{{env.OAUTH_USER}}'
password: '{{env.OAUTH_PASS}}'
exposes:
- type: rest
namespace: token-endpoint-authorization-rest
port: 8080
description: REST adapter for OAuth 2.0 Authorization Server — Authorization. One Spectral-compliant resource per consumed
operation, prefixed with /v1.
resources:
- path: /v1/authorize
name: authorize
description: REST surface for authorize.
operations:
- method: GET
name: authorize
description: Authorization Endpoint
call: token-endpoint-authorization.authorize
with:
response_type: rest.response_type
client_id: rest.client_id
redirect_uri: rest.redirect_uri
scope: rest.scope
state: rest.state
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: token-endpoint-authorization-mcp
port: 9090
transport: http
description: MCP adapter for OAuth 2.0 Authorization Server — Authorization. One tool per consumed operation, routed inline
through this capability's consumes block.
tools:
- name: authorization-endpoint
description: Authorization Endpoint
hints:
readOnly: true
destructive: false
idempotent: true
call: token-endpoint-authorization.authorize
with:
response_type: tools.response_type
client_id: tools.client_id
redirect_uri: tools.redirect_uri
scope: tools.scope
state: tools.state
outputParameters:
- type: object
mapping: $.