pub async fn authorize(
__arg0: State<ApiState>,
headers: HeaderMap,
__arg2: Query<AuthorizationRequest>,
) -> impl IntoResponseExpand description
GET /oauth/authorize OAuth 2.0 authorization endpoint — validates the client and redirect_uri, generates an authorization code, and redirects the user-agent back to the client (RFC 6749 §4.1.2).
SECURITY: The caller must supply their access token as Authorization: Bearer <token>.
The authenticated user’s identity is recorded in the authorization code so it can be
used when the client exchanges the code for tokens. Issuing codes without a verified
user identity would allow any party that knows a valid client_id to obtain tokens.