Skip to main content
GET
/
signin
/
provider
/
{provider}
/
callback
/
tokens
Retrieve OAuth2 provider tokens from callback
curl --request GET \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/signin/provider/{provider}/callback/tokens \
  --header 'Authorization: Bearer <token>'
{
  "accessToken": "ya29.a0AfH6SMBx...",
  "expiresIn": 3599,
  "expiresAt": "2024-12-31T23:59:59Z",
  "refreshToken": "1//0gK8..."
}

Authorizations

Authorization
string
header
required

Bearer authentication with JWT access token. Used to authenticate requests to protected endpoints.

Path Parameters

provider
enum<string>
required

The name of the social provider

Available options:
apple,
github,
google,
linkedin,
discord,
spotify,
twitch,
gitlab,
bitbucket,
workos,
azuread,
entraid,
strava,
facebook,
windowslive,
twitter

Response

Successfully retrieved provider session

OAuth2 provider session containing access and refresh tokens

accessToken
string
required

OAuth2 provider access token for API calls

Example:

"ya29.a0AfH6SMBx..."

expiresIn
integer
required

Number of seconds until the access token expires

Example:

3599

expiresAt
string<date-time>
required

Timestamp when the access token expires

Example:

"2024-12-31T23:59:59Z"

refreshToken
string | null

OAuth2 provider refresh token for obtaining new access tokens (if provided by the provider)

Example:

"1//0gK8..."