Skip to content
Nhost Documentation
Support Dashboard

OAuth2 provider callback endpoint

GET
/signin/provider/{provider}/callback

Handles the callback from OAuth2 providers after user authorization. Processes the authorization code and creates a user session. This endpoint is where the signin-vs-signup decision (from the signed flow state claim) and the AUTH_DISABLE_AUTO_SIGNUP gate are actually enforced: on a flow=signin state with an unknown user and the flag enabled, the user is redirected with error=invalid-email-password; on a flow=signup state with an existing user, the user is redirected with error=user-already-exists.

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
provider
required
string
Allowed values: apple github google linkedin discord spotify twitch gitlab bitbucket workos azuread entraid strava facebook windowslive twitter

The name of the social provider

Query Parameters

Section titled “Query Parameters ”
code
string

Authorization code provided by the authentication provider

id_token
string

ID token provided by the authentication provider

state
required
string

State parameter to avoid CSRF attacks

oauth_token
string

OAuth token for the provider (e.g., X)

oauth_verifier
string

OAuth verifier for the provider (e.g., X)

error
string

Error message if authentication failed

error_description
string

Detailed error description if authentication failed

error_uri
string

URI with more information about the error

Responses

Section titled “ Responses ”

302

Section titled “302 ”

Redirect to client application after successful authentication

Headers

Section titled “Headers ”
Location
required
string format: uri

URL to redirect to

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user user-already-exists email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked