---
get:
  description: "Authorize endpoint used with Authorization Code Grant flow. Send your target users here to start the authorization flow - this will request users to authenticate in Tiki and then send back a short-lived code to the redirect uri that you can exchange then for an access token."
  parameters:
    - name: response_type
      in: query
      description: "Should always be: code"
      required: true
      schema:
        type: string
    - name: client_id
      in: query
      description: Your application client id generated by the Tiki OAuth server.
      required: true
      schema:
        type: string
    - name: redirect_uri
      in: query
      description: Where should the user be redirected back when they authorize in Tiki. This should be an URL on your site to read back the generated code and exchange it for an access token.
      required: true
      schema:
        type: string
    - name: scope
      in: query
      description: A space delimited list of scopes. This is optional.
      schema:
        type: string
    - name: state
      in: query
      description: Random string used as a CSRF value. You should compare the state value retrieved with the access token to this one.
      schema:
        type: string
  responses:
    '200':
      description: authorize response
      content:
        application/json:
          schema:
            type: object
            properties:
              code:
                type: string
              state:
                type: string
    '403':
      description: forbidden
      content:
        application/json:
          schema:
            $ref: schemas-Error.yaml