Start Google Discovery

// Client-side in the user's browser
const response = await fetch('https://test.stytch.com/v1/b2b/public/oauth/google/discovery/start?public_token=YOUR_PUBLIC_TOKEN&discovery_redirect_url=https://yourapp.com/authenticate', {
  method: 'GET',
});

  {
    "status_code": 302,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "redirect_url": "https://accounts.google.com/o/oauth2/v2/auth/identifier?client_id=example-client-id&redirect_uri=https%3A%2F%2Fstytch.com%2Fv1%2Foauth%2Foauth-callback-test-d868b16b-3ecd-49ac-7fc6-e3d1051c5d65&response_type=code&scope=openid%20email%20profile&access_type=offline&state=example-state",
  }

// Client-side in the user's browser
const response = await fetch('https://test.stytch.com/v1/b2b/public/oauth/google/discovery/start?public_token=YOUR_PUBLIC_TOKEN&discovery_redirect_url=https://yourapp.com/authenticate', {
  method: 'GET',
});

  {
    "status_code": 302,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "redirect_url": "https://accounts.google.com/o/oauth2/v2/auth/identifier?client_id=example-client-id&redirect_uri=https%3A%2F%2Fstytch.com%2Fv1%2Foauth%2Foauth-callback-test-d868b16b-3ecd-49ac-7fc6-e3d1051c5d65&response_type=code&scope=openid%20email%20profile&access_type=offline&state=example-state",
  }

// Client-side in the user's browser
const response = await fetch('https://test.stytch.com/v1/b2b/public/oauth/google/discovery/start?public_token=YOUR_PUBLIC_TOKEN&discovery_redirect_url=https://yourapp.com/authenticate', {
  method: 'GET',
});

  {
    "status_code": 302,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "redirect_url": "https://accounts.google.com/o/oauth2/v2/auth/identifier?client_id=example-client-id&redirect_uri=https%3A%2F%2Fstytch.com%2Fv1%2Foauth%2Foauth-callback-test-d868b16b-3ecd-49ac-7fc6-e3d1051c5d65&response_type=code&scope=openid%20email%20profile&access_type=offline&state=example-state",
  }

GET

b2b

public

oauth

google

discovery

start

// Client-side in the user's browser
const response = await fetch('https://test.stytch.com/v1/b2b/public/oauth/google/discovery/start?public_token=YOUR_PUBLIC_TOKEN&discovery_redirect_url=https://yourapp.com/authenticate', {
  method: 'GET',
});

  {
    "status_code": 302,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "redirect_url": "https://accounts.google.com/o/oauth2/v2/auth/identifier?client_id=example-client-id&redirect_uri=https%3A%2F%2Fstytch.com%2Fv1%2Foauth%2Foauth-callback-test-d868b16b-3ecd-49ac-7fc6-e3d1051c5d65&response_type=code&scope=openid%20email%20profile&access_type=offline&state=example-state",
  }

A client-side endpoint (can only be queried from the browser) that starts the Google flow. This endpoint generates a Google OAuth URL with all required fields and redirects the user to that URL. The user authenticates with Google before getting redirected back to Stytch. After verifying the request, Stytch redirects the user back to the discovery_redirect_url provided.

Scopes

By default our Google OAuth integration requests the open_id, email and profile scopes. You may add any additional Google API scopes (see here for a complete list) as a space separated list in the custom_scopes query parameter.

Authenticating the OAuth Token

Once the user successfully authenticates with Google, they’ll be redirected to the redirect URL that you provided at the start of the OAuth flow with a Stytch OAuth token. Collect the token from the URL query parameters, then call Authenticate Discovery OAuth to exchange it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes.

Path Parameters

public_token

string

required

The public token found in your Stytch Dashboard. Since this endpoint must be called client-side, the public token authenticates the request instead of the project ID and secret.

discovery_redirect_url

string

The URL Stytch redirects to after the OAuth flow is completed. This URL should be a route in your application which will call OAuth Discovery Authenticate and finish the login.The URL must be configured as a Discovery URL in your Stytch Dashboard. If the field is not specified, the default Discovery URL will be used.

custom_scopes

string

A space-separated list of custom scopes that you’d like to include. Note that this list must be URL encoded (e.g. the spaces must be expressed as %20).

provider_[parameter_name]

string

Any parameters that should be forwarded to the OAuth provider can be passed as query parameters with the provider_ prefix. For example, some OAuth providers support a login_hint parameter that allows you to pre-populate the OAuth login flow with a suggested email address. To specify the login_hint parameter in your OAuth request, include provider_login_hint=exampleHint as a query parameter.We recommend consulting each OAuth provider’s documentation for a list of supported parameters.

pkce_code_challenge

string

A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.

Response

redirect_url

string

The url to redirect to. This should be done automatically by the browser.

status_code

number

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

request_id

string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

⌘I

​Scopes

​Authenticating the OAuth Token

​Path Parameters

​Response

Scopes

Authenticating the OAuth Token

Path Parameters

Response