Skip to content
Nhost Documentation
Support Dashboard

Retrieve OAuth2 provider tokens from callback

GET
/signin/provider/{provider}/callback/tokens

After successful OAuth2 authentication, retrieve the provider session containing access token, refresh token, and expiration information for the specified provider. To ensure the data isn’t stale this endpoint must be called immediately after the OAuth callback to obtain the tokens. The session is cleared from the database during this call, so subsequent calls will fail without going through the sign-in flow again. It is the user’s responsibility to store the session safely (e.g., in browser local storage).

Authorizations

Section titled “Authorizations ”

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
provider
required
string
Allowed values: apple github google linkedin discord spotify twitch gitlab bitbucket workos azuread entraid strava facebook windowslive twitter

The name of the social provider

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Successfully retrieved provider session

OAuth2 provider session containing access and refresh tokens

object
accessToken
required

OAuth2 provider access token for API calls

string
Example
ya29.a0AfH6SMBx...
expiresIn
required

Number of seconds until the access token expires

integer
Example
3599
expiresAt
required

Timestamp when the access token expires

string format: date-time
Example
2024-12-31T23:59:59Z
refreshToken

OAuth2 provider refresh token for obtaining new access tokens (if provided by the provider)

string
nullable
Example
1//0gK8...

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked