Module authorize_routes 

Structs

AuthorizeParams

Query parameters for GET /oauth/authorize. All fields are Option so we can produce specific error messages for each. RF-2: client_id is Option<ClientId> — ClientId derives Deserialize, so Axum deserializes it directly without needing new_unchecked.

ConsentContext

Data for the consent screen. M39 produces this; M40 renders it.

ConsentNeededData

ConsentSubmission

Form body for POST /oauth/authorize (consent submission).

ValidatedAuthorize

Validated parameters after all authorization checks pass.

Enums

AuthorizeOutcome

Result of the full authorization check: either a redirect response or a signal that the consent screen should be rendered.

Functions

authorize_post

check_authorization

Run the full authorization flow: validate params, check session, check consent, and either produce a redirect or signal consent needed.

issue_code_and_redirect

Generate an authorization code, store it, and redirect with code+state.

resolve_user

Resolve the authenticated user from session cookie, or None if not authenticated. Uses the same pattern as require_session in oauth_routes.rs: session_config().cookie_name -> db().validate_session() -> db().get_user() -> is_active check

validate_authorize_params

Validate authorization request parameters (steps 1-7 from the spec). Steps 1-3 return display errors. Steps 4-7 return redirect errors.