Exchange OAuth code for tokens (PKCE)

curl --request POST \ --url https://api.example.com/api/auth/oauth/exchange \ --header 'Content-Type: application/json' \ --data ' { "code": "abc123...", "code_verifier": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk" } '

{ "user": { "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "email": "jsmith@example.com", "profile": { "name": "<string>", "avatar_url": "<string>" }, "metadata": {}, "emailVerified": true, "providers": [ "<string>" ], "createdAt": "2023-11-07T05:31:56Z", "updatedAt": "2023-11-07T05:31:56Z" }, "accessToken": "<string>", "refreshToken": "<string>" }

Query Parameters

client_type

enum<string>

default:web

Client type determines how refresh tokens are returned:

web: Refresh token stored in httpOnly cookie, csrfToken returned in response
mobile/desktop/server: refreshToken returned directly in response body

Available options:

web,

mobile,

desktop,

server

Body

application/json

code

string

required

The insforge_code received from OAuth callback redirect

Example:

"abc123..."

code_verifier

string

required

The original code_verifier used to generate code_challenge. Must be 43-128 characters, using [A-Za-z0-9-._~]

Example:

"dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"

Response

Tokens exchanged successfully

user

object

Show child attributes

accessToken

string

JWT access token for API authentication

refreshToken

string

Refresh token for obtaining new access tokens

Tables

Authentication

Records

Storage

AI Integration

Functions

Realtime

Email

Secrets

Logs

Metadata

Health

Exchange OAuth code for tokens (PKCE)

Query Parameters

Body

Response