OAuth callback (POST) - Prelude Docs

POST

session

oauth

{provider}

callback

OAuth callback (POST)

curl --request POST \
  --url https://{appId}.session.prelude.dev/v1/session/login/oauth/{provider}/callback \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'state=<string>' \
  --data 'code=<string>' \
  --data 'error=<string>' \
  --data 'error_description=<string>'

Path Parameters

provider

string

required

The OAuth provider identifier

Example:

"apple"

Body

application/x-www-form-urlencoded

state

string

required

The state parameter for CSRF protection

code

string

The authorization code from the OAuth provider

error

string

Error code from the OAuth provider

error_description

string

Error description from the OAuth provider

Response

Redirect to the client application's redirect_uri with one of:

challenge_token=<jwt> — login may be finalized via the Finalize login endpoint.
challenge_token=<jwt>&status=otp_required — the OAuth provider has verify_email=true and the IdP returned an unverified email. The SDK sends an email OTP and the host app must collect the code via the OTP screen; the SDK finalizes the login automatically once the OTP is verified.
error=<code>&error_description=<message> — provider error or Session-level rejection (e.g. email_already_in_use).

Initiate SAML login (resolve by email)Start an SP-initiated SAML SSO flow, resolving the connection from the email's domain. The domain must match exactly one enabled connection's `email_domain_allowlist`. On success, returns the IdP URL the SDK navigates the user to; the IdP eventually posts a `SAMLResponse` back to the connection's [ACS endpoint](/session/api-reference/frontend/saml-acs).

OAuth callback (POST)

curl --request POST \
  --url https://{appId}.session.prelude.dev/v1/session/login/oauth/{provider}/callback \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'state=<string>' \
  --data 'code=<string>' \
  --data 'error=<string>' \
  --data 'error_description=<string>'