> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getcore.me/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth2 Authorization Endpoint

> OAuth2 authorization endpoint supporting authorization code flow with PKCE.
Requires user to be logged in via session cookie.




## OpenAPI

````yaml /openapi.json get /oauth/authorize
openapi: 3.0.3
info:
  title: CORE API
  version: 1.0.0
  description: >
    CORE is a memory sharing platform for LLMs with graph-based storage,
    temporal facts, and comprehensive search capabilities.


    ## Authentication


    CORE supports multiple authentication methods:

    - **Bearer Token**: Personal API tokens or OAuth2 access tokens

    - **OAuth2**: Full OAuth2 authorization code flow with PKCE support

    - **Session Cookies**: For web interface access


    Most API endpoints support Bearer token authentication via the Authorization
    header:

    ```

    Authorization: Bearer YOUR_TOKEN_HERE

    ```


    ## Features


    - **Temporal Knowledge Graph**: Store and query facts with temporal validity

    - **Labels**: Organize knowledge with workspace-scoped tags

    - **Search**: Advanced semantic search with graph traversal

    - **Ingestion**: Process and extract facts from various data sources  

    - **Integrations**: Connect with external platforms via OAuth2

    - **MCP Support**: Model Context Protocol for AI assistant integration

    - **Webhooks**: Real-time notifications for data changes
  contact:
    name: Core
    url: https://github.com/redplanethq/core
servers:
  - url: '{protocol}://{domain}'
    description: Configurable CORE server
    variables:
      protocol:
        default: https
        enum:
          - http
          - https
        description: The protocol to use
      domain:
        default: app.getcore.me
        description: The CORE API domain
security:
  - bearerAuth: []
  - oauth2: []
paths:
  /oauth/authorize:
    get:
      summary: OAuth2 Authorization Endpoint
      description: >
        OAuth2 authorization endpoint supporting authorization code flow with
        PKCE.

        Requires user to be logged in via session cookie.
      parameters:
        - name: client_id
          in: query
          required: true
          schema:
            type: string
          description: OAuth2 client identifier
        - name: redirect_uri
          in: query
          required: true
          schema:
            type: string
            format: uri
          description: Redirect URI after authorization
        - name: response_type
          in: query
          required: true
          schema:
            type: string
            enum:
              - code
          description: Must be 'code' for authorization code flow
        - name: scope
          in: query
          schema:
            type: string
          description: Space-separated list of requested scopes
          example: read write mcp
        - name: state
          in: query
          schema:
            type: string
          description: State parameter for CSRF protection
        - name: code_challenge
          in: query
          schema:
            type: string
          description: PKCE code challenge
        - name: code_challenge_method
          in: query
          schema:
            type: string
            enum:
              - S256
              - plain
          description: PKCE code challenge method
      responses:
        '200':
          description: Authorization page displayed
        '302':
          description: Redirect to login if not authenticated
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuth2Error'
          description: Invalid request parameters
      security:
        - {}
components:
  schemas:
    OAuth2Error:
      type: object
      properties:
        error:
          type: string
          enum:
            - invalid_request
            - invalid_client
            - invalid_grant
            - unauthorized_client
            - unsupported_grant_type
            - invalid_scope
        error_description:
          type: string
        error_uri:
          type: string
        state:
          type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: |
        Bearer token authentication supports:
        - Personal API tokens (PATs)
        - OAuth2 access tokens
        - JWT tokens

        Example: `Authorization: Bearer your_token_here`
    oauth2:
      type: oauth2
      description: |
        OAuth2 authorization code flow with PKCE support.
        Supports scopes: read, write, mcp, integration, oauth
      flows:
        authorizationCode:
          authorizationUrl: /oauth/authorize
          tokenUrl: /oauth/token
          refreshUrl: /oauth/token
          scopes:
            read: Read access to user data
            write: Write access to user data
            mcp: MCP (Model Context Protocol) access
            integration: Access to integrations
            oauth: OAuth client management

````