Plug router for the client-facing OAuth 2.1 protocol endpoints — anything called by an external OAuth client without a browser session.

Endpoints handled:

• GET /oauth-authorization-server — RFC 8414 metadata
• GET /oauth-protected-resource — RFC 9728 metadata
• GET /openid-configuration — alias for OIDC-conformant tooling
• POST /register — RFC 7591 Dynamic Client Registration
• POST /token — authorization_code + refresh_token grants
• POST /revoke — RFC 7009 token revocation

Mount this behind your API pipeline (no CSRF, no session needed). For the human-driven consent step (/authorize), see AshAuthentication.Phoenix.Oauth2Server.ConsentRouter.

Options

• :oauth2_server (required) — the user's Oauth2Server config module