Skip to main content
POST
Sign in with ID token (Google One Tap, native SDKs)

Query Parameters

client_type
enum<string>
default:web

Client type determines how refresh tokens are returned:

  • web: Refresh token stored in httpOnly cookie, csrfToken returned in response
  • mobile/desktop/server: refreshToken returned directly in response body
Available options:
web,
mobile,
desktop,
server

Body

application/json
provider
enum<string>
required

Identity provider that issued the token

Available options:
google
token
string
required

Raw ID token from the provider SDK

Response

Sign-in successful

user
object
accessToken
string
csrfToken
string | null

CSRF token for use with refresh endpoint (web clients only)

refreshToken
string | null

Refresh token for mobile/desktop/server clients (null for web clients)