Malli schema for authorization request parameters.

Malli schema for authorization response.

Builds the redirect URL with query parameters.

Takes an authorization response map (from handle-authorization-approval or handle-authorization-denial) containing a redirect URI and parameters. URL-encodes the parameters and appends them to the redirect URI as query parameters, properly handling whether the URI already contains a query string. Returns the complete redirect URL string.

Handles user approval of authorization request.

Takes a parsed authorization request (from parse-authorization-request), the user ID of the approving user, provider configuration, and an AuthorizationCodeStore. Generates an authorization code, calculates its expiry time, parses the requested scopes, and saves the authorization code to the store. Returns an authorization response map containing the redirect URI and response parameters (including the code and optional state). Currently supports response_type “code”; throws ex-info for unsupported response types.

Handles user denial of authorization request.

Takes a parsed authorization request, an OAuth2 error code (defaults to “access_denied” if not provided), and a human-readable error description. Builds an authorization response map containing the redirect URI and error parameters. Returns the response map with the error, optional error description, and optional state parameter.

Parses and validates an authorization request.

Takes a URL query string from the authorization endpoint and a ClientStore implementation. Parses the query parameters, validates them against the AuthorizationRequest schema, looks up the client, and validates the redirect URI, response type, and scopes. Returns the validated request map. Throws ex-info on validation errors or if the client is unknown.