GET /auth/signin/google/{code}
Sign in with Google (OAuth code)
curl --request GET \
  --url http://localhost:2000/auth/signin/google/{code}
{
  "token": "<string>",
  "user": {
    "_id": "<string>",
    "emails": "[email protected]",
    "role": "user"
  }
}
Exchanges a Google OAuth authorization code for the user's profile and issues a session token. If the user does not exist, a new user is created.

Request

Path Parameters

Parameter  Type    Required  Description
code       string  Yes       Authorization code returned by Google’s OAuth flow

Response

200 OK - Successful sign-in

Returns user and token.
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "_id": "64b7f1a2e4b0a5d3f9c12345",
    "emails": "[email protected]",
    "role": "user"
  }
}

400 Bad Request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid authorization code"
  }
}

500 Internal Server Error

{
  "error": {
    "code": "SERVER_ERROR",
    "message": "Internal server error"
  }
}

Example

curl -X GET 'http://localhost:2000/auth/signin/google/4/0AX4XfWj...'

Notes

  • The authorization code must be obtained from Google’s OAuth 2.0 flow
  • If the user doesn’t exist in the system, a new user account will be created
  • The returned token should be stored securely and used for subsequent authenticated requests
  • Token expiration time is typically 24 hours

OAuth Flow

  1. Redirect user to Google’s OAuth consent screen
  2. User authorizes the application
  3. Google redirects back with authorization code
  4. Exchange the code for access token and user profile using this endpoint
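
The four steps above seen from the client side, as an added example that is not part of the original page or the project's own code. It assumes Google's standard authorization endpoint and state parameter, a hypothetical client ID and redirect URI, the scopes shown, and a router that reads {code} as a single path segment, so the "/" inside Google codes (as in 4/0AX4XfWj... above) is percent-encoded. Because the code travels in the URL path, redact() gives a log-safe form of the request URL.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
API_BASE = "http://localhost:2000"  # base URL used in this page's examples


def build_consent_url(client_id, redirect_uri):
    """Step 1: return (url, state). Keep state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, single-use CSRF binding
    query = urlencode({
        "client_id": client_id,        # assumption: your own OAuth client ID
        "redirect_uri": redirect_uri,  # assumption: your registered callback
        "response_type": "code",
        "scope": "openid email profile",  # assumption: scopes are not on the page
        "state": state,
    })
    return f"{GOOGLE_AUTH_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Step 3: return the authorization code only if state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discard this callback")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("callback must carry exactly one code")
    return codes[0]


def signin_url(code):
    """Step 4: put the code in the path as ONE percent-encoded segment."""
    return f"{API_BASE}/auth/signin/google/{quote(code, safe='')}"


def redact(url):
    """Log-safe form of the sign-in URL with the one-time code removed."""
    head, _, _ = url.rpartition("/")
    return head + "/<redacted>"
```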
