# `AshAuthentication.Phoenix.Oauth2Server.ProtocolRouter`
[🔗](https://github.com/team-alembic/ash_authentication_oauth2_server/blob/v0.1.0/lib/ash_authentication_phoenix/oauth2_server/protocol_router.ex#L5)

Plug router for the client-facing OAuth 2.1 protocol endpoints — anything
called by an external OAuth client without a browser session.

Endpoints handled:

  * `GET /oauth-authorization-server` — RFC 8414 metadata
  * `GET /oauth-protected-resource`   — RFC 9728 metadata
  * `GET /openid-configuration`       — alias for OIDC-conformant tooling
  * `POST /register`                  — RFC 7591 Dynamic Client Registration
  * `POST /token`                     — authorization_code + refresh_token grants
  * `POST /revoke`                    — RFC 7009 token revocation

Mount this behind your API pipeline (no CSRF, no session needed). For the
human-driven consent step (`/authorize`), see
`AshAuthentication.Phoenix.Oauth2Server.ConsentRouter`.

## Options

  * `:oauth2_server` (required) — the user's `Oauth2Server` config module

# `call`

# `init`

---

*Consult [api-reference.md](api-reference.md) for complete listing*