Skip to main content
POST
/
v1
/
session
/
login
/
oauth
/
{provider}
/
callback
OAuth callback (POST)
curl --request POST \
  --url https://{appId}.session.prelude.dev/v1/session/login/oauth/{provider}/callback \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'state=<string>' \
  --data 'code=<string>' \
  --data 'error=<string>' \
  --data 'error_description=<string>'

Documentation Index

Fetch the complete documentation index at: https://docs.prelude.so/llms.txt

Use this file to discover all available pages before exploring further.

Path Parameters

provider
string
required

The OAuth provider identifier

Example:

"apple"

Body

application/x-www-form-urlencoded
state
string
required

The state parameter for CSRF protection

code
string

The authorization code from the OAuth provider

error
string

Error code from the OAuth provider

error_description
string

Error description from the OAuth provider

Response

Redirect to the client application's redirect_uri with one of:

  • challenge_token=<jwt> — login may be finalized via the Finalize login endpoint.
  • challenge_token=<jwt>&status=otp_required — the OAuth provider has verify_email=true and the IdP returned an unverified email. The SDK sends an email OTP and the host app must collect the code via the OTP screen; the SDK finalizes the login automatically once the OTP is verified.
  • error=<code>&error_description=<message> — provider error or Session-level rejection (e.g. email_already_in_use).