> ## Documentation Index
> Fetch the complete documentation index at: https://docs.usechar.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get OAuth session info for consent page

> Retrieves user information, CSRF token, and authorized domains for the OAuth consent page. The session ID is obtained from the OAuth callback redirect.



## OpenAPI

````yaml https://app.usechar.ai/api/spec.json get /oauth/session-info
openapi: 3.1.1
info:
  title: Char API
  version: 1.0.0
  description: >-
    REST API for managing organizations, identity providers, end users, skills,
    threads, usage, and subscriptions.


    ## Authentication


    This API uses Bearer token authentication with WorkOS JWT tokens. Include
    the token in the Authorization header:


    ```

    Authorization: Bearer <your-jwt-token>

    ```


    ## Authorization Levels


    - **Public endpoints**: No authentication required

    - **Protected endpoints**: Require valid JWT token (user authentication)

    - **Organization endpoints**: Require valid JWT token with organization
    context selected


    Most endpoints require organization context. Ensure your JWT token includes
    the `org_id` claim.


    ## Data Formats


    ### Allowed Domains

    The `allowed_domains` field is an array of origins (e.g.,
    `https://app.example.com`). It is stored as JSON internally but surfaced as
    an array in the API.


    ### Timestamps

    All timestamps are returned as ISO 8601 strings (e.g.,
    `"2025-01-15T10:30:00.000Z"`).


    ## Rate Limits


    No application-level rate limiting is currently enforced.


    ## Error Responses


    All errors follow a consistent format:


    ```json

    {
      "code": "ERROR_CODE",
      "status": 400,
      "message": "Human-readable error message",
      "data": { /* optional additional details */ }
    }

    ```


    ### Error Codes


    | data.code | Description |

    |-----------|-------------|

    | `VALIDATION_ERROR` | Invalid input data (400) |

    | `AUTH_REQUIRED` | Missing or invalid authentication (401) |

    | `ACCESS_DENIED` | Permission denied (403) |

    | `PAYMENT_REQUIRED` | Subscription required (403) |

    | `ORG_CONTEXT_REQUIRED` | Organization selection required (403) |

    | `RESOURCE_NOT_FOUND` | Resource missing (404) |

    | `DUPLICATE_RESOURCE` | Resource already exists (409) |

    | `INTERNAL_ERROR` | Server-side error (500) |
servers:
  - url: https://app.usechar.ai/api
    description: Production API
security:
  - bearerAuth: []
tags:
  - name: Auth
    description: >-
      Authentication operations including session management and logout. All
      auth endpoints require a valid JWT token.
  - name: Users
    description: >-
      Access the current authenticated user's profile and organization
      memberships.
  - name: Organizations
    description: Organization details, members, and configuration such as allowed domains.
  - name: Identity Providers
    description: Manage SSO configuration and test IDP connectivity.
  - name: Directories
    description: Directory sync resources backed by WorkOS directories.
  - name: End Users
    description: End users who interact with embedded widgets, identified by IDP tokens.
  - name: Organization Skills
    description: CRUD for SKILL.md content following the Agent Skills spec.
  - name: Threads
    description: Conversation thread metadata and management.
  - name: Usage Analytics
    description: Usage and token analytics for the organization.
  - name: Plan Tiers
    description: Plan tiers and limit definitions.
  - name: Subscriptions
    description: Billing and subscription status via Polar integration.
  - name: OAuth
    description: OAuth 2.0 authorization flow endpoints for MCP client authentication.
  - name: OAuth Discovery
    description: RFC 8414/8707 well-known discovery endpoints for OAuth 2.0.
paths:
  /oauth/session-info:
    get:
      tags:
        - OAuth
      summary: Get OAuth session info for consent page
      description: >-
        Retrieves user information, CSRF token, and authorized domains for the
        OAuth consent page. The session ID is obtained from the OAuth callback
        redirect.
      operationId: oauth_session_info
      parameters:
        - name: session
          in: query
          required: true
          schema:
            type: string
            description: Session UUID from OAuth callback
          allowEmptyValue: true
          allowReserved: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  user:
                    type: object
                    properties:
                      email:
                        type: string
                        description: User's email address
                      name:
                        anyOf:
                          - type: string
                          - type: 'null'
                        description: User's display name
                      organizationName:
                        anyOf:
                          - type: string
                          - type: 'null'
                        description: Organization name if applicable
                    required:
                      - email
                      - name
                      - organizationName
                  domains:
                    type: array
                    items:
                      type: string
                    description: List of authorized domains
                  csrfToken:
                    type: string
                    description: CSRF token for consent form submission
                  warning:
                    type: string
                    description: Warning message (e.g., org context failed to load)
                  needsOrgCreation:
                    type: boolean
                    description: >-
                      Whether user needs to create an organization before
                      continuing
                  suggestedOrgName:
                    anyOf:
                      - type: string
                      - type: 'null'
                    description: Suggested organization name from email domain
                required:
                  - user
                  - domains
                  - csrfToken
                  - needsOrgCreation
                  - suggestedOrgName
        '400':
          description: '400'
          content:
            application/json:
              schema:
                oneOf:
                  - type: object
                    properties:
                      defined:
                        const: true
                      code:
                        const: BAD_REQUEST
                      status:
                        const: 400
                      message:
                        type: string
                        default: Invalid request
                      data:
                        type: object
                        properties:
                          code:
                            const: BAD_REQUEST
                          details:
                            type: string
                        required:
                          - code
                    required:
                      - defined
                      - code
                      - status
                      - message
                      - data
                  - type: object
                    properties:
                      defined:
                        const: true
                      code:
                        const: SESSION_EXPIRED
                      status:
                        const: 400
                      message:
                        type: string
                        default: Session expired or invalid
                      data:
                        type: object
                        properties:
                          code:
                            const: SESSION_EXPIRED
                        required:
                          - code
                    required:
                      - defined
                      - code
                      - status
                      - message
                      - data
                  - type: object
                    properties:
                      defined:
                        const: false
                      code:
                        type: string
                      status:
                        type: number
                      message:
                        type: string
                      data: {}
                    required:
                      - defined
                      - code
                      - status
                      - message
        '409':
          description: '409'
          content:
            application/json:
              schema:
                oneOf:
                  - type: object
                    properties:
                      defined:
                        const: true
                      code:
                        const: CONFLICT
                      status:
                        const: 409
                      message:
                        type: string
                        default: Resource conflict
                      data:
                        type: object
                        properties:
                          code:
                            const: DUPLICATE_RESOURCE
                          resource:
                            type: string
                          conflictingField:
                            type: string
                        required:
                          - code
                          - resource
                          - conflictingField
                    required:
                      - defined
                      - code
                      - status
                      - message
                      - data
                  - type: object
                    properties:
                      defined:
                        const: false
                      code:
                        type: string
                      status:
                        type: number
                      message:
                        type: string
                      data: {}
                    required:
                      - defined
                      - code
                      - status
                      - message
        '500':
          description: '500'
          content:
            application/json:
              schema:
                oneOf:
                  - type: object
                    properties:
                      defined:
                        const: true
                      code:
                        const: INTERNAL_SERVER_ERROR
                      status:
                        const: 500
                      message:
                        type: string
                        default: Internal server error
                      data:
                        type: object
                        properties:
                          code:
                            const: INTERNAL_ERROR
                        required:
                          - code
                    required:
                      - defined
                      - code
                      - status
                      - message
                      - data
                  - type: object
                    properties:
                      defined:
                        const: false
                      code:
                        type: string
                      status:
                        type: number
                      message:
                        type: string
                      data: {}
                    required:
                      - defined
                      - code
                      - status
                      - message
      security: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        WorkOS JWT token. Obtain via WorkOS AuthKit authentication flow. The
        token must include organization_id claim for organization-scoped
        endpoints.

````