
LoginOAuth

Walter Lara edited this page Sep 27, 2024 · 7 revisions

Login using OAuth

Allows login using an OAuth2 provider. Currently supported providers are Google, Facebook, LinkedIn and Apple. Depending on the provider, login is done with an OAuth2 access token, an ID token, or an authorization code with an optional redirect URI. On success, this API call returns a JWT access token that can be used to access protected resources, together with a refresh token.

Request

URLs:

/v1/auth/login/google

/v1/auth/login/apple

/v1/auth/login/facebook

/v1/auth/login/linkedit

Method: POST

Path Parameters: None

Query Parameters: None

Headers:

Content-Type: application/json

Accept: application/json

g-recaptcha-platform: {Web|Android|iOS}

g-recaptcha-token: {reCAPTCHA Token for "login_google", "login_apple", "login_facebook" or "login_linkedit" action}

Content:

| Field | Type | Description | Requirement Type |
|---|---|---|---|
| accessToken | string | OAuth2 access token (hex-string encoded). Currently not supported for Apple. | Required only if idToken and code are not specified. |
| idToken | string | OAuth2 ID token (hex-string encoded). Currently only supported for Apple. | Required only if accessToken and code are not specified. |
| code | string | OAuth2 authorization code (hex-string encoded). | Required only if accessToken and idToken are not specified. |
| redirectUri | string | OAuth2 redirection URI. Some mobile clients don't require it (check the Client SDK documentation). | Required only if accessToken and idToken are not specified. |
| clientPlatform | string | Client platform type. Valid values are: Web, Android and IOS. Defaults to Web if missing. | Optional |

Content example (using OAuth2 access token):

{
    "accessToken": "93144b288eb1fdccbe46d6fc0f241a51766ecd3d"
}

Content example (using OAuth2 ID token):

{
    "idToken": "5677b288eb1fdccbe46d6fc0f241a51766sht3"
}

Content example (using OAuth2 authorization code & redirect URI):

{
    "code": "46d6fc0f293144b288eb1fdccbe41a51766ecd3d",
    "redirectUri": "https://somehost.com:3000/facebook"
}

✅ Success Response

Code: 200 OK

Headers:

Content-Type: application/json

Content:

| Field | Type | Description | Condition |
|---|---|---|---|
| accessToken | string | JWT token usable to access protected resources. | Always |
| refreshToken | string | JWT token usable one time only to refresh an expired accessToken. | Always |

Content example:

{
    "accessToken": "93144b288eb1fdccbe46d6fc0f241a51766ecd3d",
    "refreshToken": "6d6fc0f241a51766ecd3d93144b288eb1fdccbe4"
}

❌ Error Responses

1. Bad Request

Code: 400 BAD REQUEST

Condition: If accessToken, idToken and code are all missing.

Headers:

Content-Type: application/json

Content example:

{
    "code": 400,
    "description": "Bad Request",
    "cause": "missing code"
}

2. Unauthorized

Code: 401 UNAUTHORIZED

Condition: If the supplied accessToken, idToken or code is invalid or expired.

Headers:

Content-Type: application/json

Content example:

{
    "code": 401,
    "description": "Unauthorized",
    "cause": "Verification failed: accessToken is expired"
}
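The following client helper is an added example, not code from this project or its SDKs. It covers both the request section (exactly one of accessToken, idToken or code; idToken only for Apple; accessToken not for Apple; redirectUri only with code; the reCAPTCHA headers) and the response section (the 200, 400 and 401 shapes documented above). The function and parameter names, the base URL, and the sample token and reCAPTCHA values are assumptions made for the example; provider path segments are taken verbatim from the URL list on this page, including `linkedit`.

```python
import json
import urllib.error
import urllib.request

# Provider path segments and platform names exactly as this page lists them.
PROVIDERS = ("google", "apple", "facebook", "linkedit")
CLIENT_PLATFORMS = ("Web", "Android", "IOS")
RECAPTCHA_PLATFORMS = ("Web", "Android", "iOS")


def validate_credentials(provider, access_token=None, id_token=None, code=None):
    """Return the name of the single credential field to send, or raise ValueError.

    Mirrors the 400 condition (nothing supplied) and the per-provider rules in the
    request table so a bad request is caught before any token leaves the client.
    """
    if provider not in PROVIDERS:
        raise ValueError(f"unknown provider {provider!r}; expected one of {PROVIDERS}")
    supplied = {"accessToken": access_token, "idToken": id_token, "code": code}
    present = [name for name, value in supplied.items() if value]
    if len(present) != 1:
        raise ValueError("exactly one of accessToken, idToken or code must be given")
    field = present[0]
    if provider == "apple" and field == "accessToken":
        raise ValueError("accessToken is not supported for Apple; use idToken or code")
    if provider != "apple" and field == "idToken":
        raise ValueError("idToken is currently only supported for Apple")
    return field


def build_login_request(provider, *, access_token=None, id_token=None, code=None,
                        redirect_uri=None, client_platform=None,
                        recaptcha_token=None, recaptcha_platform="Web"):
    """Return (path, headers, body) for POST /v1/auth/login/{provider}."""
    field = validate_credentials(provider, access_token, id_token, code)
    body = {field: {"accessToken": access_token, "idToken": id_token, "code": code}[field]}
    # redirectUri is only meaningful alongside an authorization code.
    if field == "code" and redirect_uri:
        body["redirectUri"] = redirect_uri
    if client_platform is not None:
        if client_platform not in CLIENT_PLATFORMS:
            raise ValueError(f"clientPlatform must be one of {CLIENT_PLATFORMS}")
        body["clientPlatform"] = client_platform
    if recaptcha_platform not in RECAPTCHA_PLATFORMS:
        raise ValueError(f"g-recaptcha-platform must be one of {RECAPTCHA_PLATFORMS}")
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "g-recaptcha-platform": recaptcha_platform,
    }
    if recaptcha_token:  # action token for login_<provider>, obtained from the reCAPTCHA client
        headers["g-recaptcha-token"] = recaptcha_token
    return f"/v1/auth/login/{provider}", headers, body


def parse_login_response(status, body_text):
    """Map an HTTP status and JSON body onto the success/error shapes documented above.

    Returns a dict with "ok": True plus the two tokens, or "ok": False plus the
    server's "description"/"cause". Never raises on malformed bodies, so callers
    can log the cause without ever logging the tokens themselves.
    """
    try:
        payload = json.loads(body_text) if body_text else {}
    except json.JSONDecodeError:
        return {"ok": False, "status": status, "cause": "non-JSON response body"}
    if status == 200:
        missing = [k for k in ("accessToken", "refreshToken") if not payload.get(k)]
        if missing:  # a 200 without both tokens is a server bug, not a login
            return {"ok": False, "status": status, "cause": f"200 response missing {missing}"}
        return {"ok": True, "status": status,
                "accessToken": payload["accessToken"], "refreshToken": payload["refreshToken"]}
    return {"ok": False, "status": status,
            "description": payload.get("description", ""), "cause": payload.get("cause", "")}


def login(base_url, provider, **kwargs):
    """Perform the POST against a live server (base_url is an assumption, e.g. https://api.example.invalid)."""
    path, headers, body = build_login_request(provider, **kwargs)
    req = urllib.request.Request(base_url + path, data=json.dumps(body).encode("utf-8"),
                                 headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_login_response(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:  # 400/401 bodies still follow the documented shape
        return parse_login_response(err.code, err.read().decode("utf-8"))


if __name__ == "__main__":
    # Offline demonstration using the response bodies shown on this page (constructed, not captured).
    path, headers, body = build_login_request(
        "facebook", code="46d6fc0f293144b288eb1fdccbe41a51766ecd3d",
        redirect_uri="https://somehost.com:3000/facebook", recaptcha_token="<recaptcha-token>")
    print(path, headers, body)
    print(parse_login_response(200, '{"accessToken": "93144b288eb1fdccbe46d6fc0f241a51766ecd3d", '
                                    '"refreshToken": "6d6fc0f241a51766ecd3d93144b288eb1fdccbe4"}'))
    print(parse_login_response(401, '{"code": 401, "description": "Unauthorized", '
                                    '"cause": "Verification failed: accessToken is expired"}'))
```

Validating the credential combination locally keeps a misconfigured client from sending a provider token to the wrong endpoint, and parsing the 400/401 bodies into a `cause` string gives the caller something safe to log or surface without echoing the tokens themselves.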

See Also

Login using Email/Password

Refresh JWT Access Token

Decode JWT Access Token

Request 2FA Code
