> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Start

> Initiates an OAuth browser flow for the provider, scoped to the specified organization. Opens a browser session at `https://{domain}/b2b/public/oauth/{provider}/start`, then automatically exchanges the resulting token by calling `POST /sdk/v1/b2b/oauth/authenticate`, establishing a member session on success.

## Parameters

<ParamField body="loginRedirectUrl" type="String?" />

<ParamField body="signupRedirectUrl" type="String?" />

<ParamField body="organizationId" type="String?" />

<ParamField body="organizationSlug" type="String?" />

<ParamField body="customScopes" type="List<String>?" />

<ParamField body="providerParams" type="Map<String, String>?" />

<ParamField body="sessionDurationMinutes" type="Int?" />

## Returns

<ResponseField name="member" type="ApiOrganizationV1Member" required>
  The authenticated member.

  <Expandable title="properties">
    <ResponseField name="organizationId" type="String" required />

    <ResponseField name="memberId" type="String" required />

    <ResponseField name="emailAddress" type="String" required />

    <ResponseField name="status" type="String" required />

    <ResponseField name="name" type="String" required />

    <ResponseField name="ssoRegistrations" type="List<ApiOrganizationV1SSORegistration>" required>
      <Expandable title="properties">
        <ResponseField name="connectionId" type="String" required />

        <ResponseField name="externalId" type="String" required />

        <ResponseField name="registrationId" type="String" required />

        <ResponseField name="ssoAttributes" type="Map<String, JsonElement>?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="isBreakglass" type="Boolean" required />

    <ResponseField name="memberPasswordId" type="String" required />

    <ResponseField name="oauthRegistrations" type="List<ApiOrganizationV1OAuthRegistration>" required>
      <Expandable title="properties">
        <ResponseField name="providerType" type="String" required />

        <ResponseField name="providerSubject" type="String" required />

        <ResponseField name="memberOauthRegistrationId" type="String" required />

        <ResponseField name="profilePictureUrl" type="String?" />

        <ResponseField name="locale" type="String?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="emailAddressVerified" type="Boolean" required />

    <ResponseField name="mfaPhoneNumberVerified" type="Boolean" required />

    <ResponseField name="isAdmin" type="Boolean" required />

    <ResponseField name="totpRegistrationId" type="String" required />

    <ResponseField name="retiredEmailAddresses" type="List<ApiOrganizationV1RetiredEmail>" required>
      <Expandable title="properties">
        <ResponseField name="emailId" type="String" required />

        <ResponseField name="emailAddress" type="String" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="isLocked" type="Boolean" required />

    <ResponseField name="mfaEnrolled" type="Boolean" required />

    <ResponseField name="mfaPhoneNumber" type="String" required />

    <ResponseField name="defaultMfaMethod" type="String" required />

    <ResponseField name="roles" type="List<ApiOrganizationV1MemberRole>" required>
      <Expandable title="properties">
        <ResponseField name="roleId" type="String" required />

        <ResponseField name="sources" type="List<ApiOrganizationV1MemberRoleSource>" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="trustedMetadata" type="Map<String, JsonElement>?" />

    <ResponseField name="untrustedMetadata" type="Map<String, JsonElement>?" />

    <ResponseField name="createdAt" type="Instant?" />

    <ResponseField name="updatedAt" type="Instant?" />

    <ResponseField name="scimRegistration" type="ApiOrganizationV1SCIMRegistration?">
      <Expandable title="properties">
        <ResponseField name="connectionId" type="String" required />

        <ResponseField name="registrationId" type="String" required />

        <ResponseField name="externalId" type="String?" />

        <ResponseField name="scimAttributes" type="ApiB2bScimV1SCIMAttributes?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="externalId" type="String?" />

    <ResponseField name="lockCreatedAt" type="Instant?" />

    <ResponseField name="lockExpiresAt" type="Instant?" />
  </Expandable>
</ResponseField>

<ResponseField name="memberSession" type="ApiB2bSessionV1MemberSession?">
  The active member session.

  <Expandable title="properties">
    <ResponseField name="memberSessionId" type="String" required />

    <ResponseField name="memberId" type="String" required />

    <ResponseField name="startedAt" type="Instant" required />

    <ResponseField name="lastAccessedAt" type="Instant" required />

    <ResponseField name="expiresAt" type="Instant" required />

    <ResponseField name="authenticationFactors" type="List<ApiSessionV1AuthenticationFactor>" required>
      <Expandable title="properties">
        <ResponseField name="type" type="ApiSessionV1AuthenticationFactorType" required />

        <ResponseField name="deliveryMethod" type="ApiSessionV1AuthenticationFactorDeliveryMethod" required />

        <ResponseField name="lastAuthenticatedAt" type="Instant?" />

        <ResponseField name="createdAt" type="Instant?" />

        <ResponseField name="updatedAt" type="Instant?" />

        <ResponseField name="emailFactor" type="ApiSessionV1EmailFactor?" />

        <ResponseField name="phoneNumberFactor" type="ApiSessionV1PhoneNumberFactor?" />

        <ResponseField name="googleOauthFactor" type="ApiSessionV1GoogleOAuthFactor?" />

        <ResponseField name="microsoftOauthFactor" type="ApiSessionV1MicrosoftOAuthFactor?" />

        <ResponseField name="appleOauthFactor" type="ApiSessionV1AppleOAuthFactor?" />

        <ResponseField name="webauthnFactor" type="ApiSessionV1WebAuthnFactor?" />

        <ResponseField name="authenticatorAppFactor" type="ApiSessionV1AuthenticatorAppFactor?" />

        <ResponseField name="githubOauthFactor" type="ApiSessionV1GithubOAuthFactor?" />

        <ResponseField name="recoveryCodeFactor" type="ApiSessionV1RecoveryCodeFactor?" />

        <ResponseField name="facebookOauthFactor" type="ApiSessionV1FacebookOAuthFactor?" />

        <ResponseField name="cryptoWalletFactor" type="ApiSessionV1CryptoWalletFactor?" />

        <ResponseField name="amazonOauthFactor" type="ApiSessionV1AmazonOAuthFactor?" />

        <ResponseField name="bitbucketOauthFactor" type="ApiSessionV1BitbucketOAuthFactor?" />

        <ResponseField name="coinbaseOauthFactor" type="ApiSessionV1CoinbaseOAuthFactor?" />

        <ResponseField name="discordOauthFactor" type="ApiSessionV1DiscordOAuthFactor?" />

        <ResponseField name="figmaOauthFactor" type="ApiSessionV1FigmaOAuthFactor?" />

        <ResponseField name="gitLabOauthFactor" type="ApiSessionV1GitLabOAuthFactor?" />

        <ResponseField name="instagramOauthFactor" type="ApiSessionV1InstagramOAuthFactor?" />

        <ResponseField name="linkedInOauthFactor" type="ApiSessionV1LinkedInOAuthFactor?" />

        <ResponseField name="shopifyOauthFactor" type="ApiSessionV1ShopifyOAuthFactor?" />

        <ResponseField name="slackOauthFactor" type="ApiSessionV1SlackOAuthFactor?" />

        <ResponseField name="snapchatOauthFactor" type="ApiSessionV1SnapchatOAuthFactor?" />

        <ResponseField name="spotifyOauthFactor" type="ApiSessionV1SpotifyOAuthFactor?" />

        <ResponseField name="steamOauthFactor" type="ApiSessionV1SteamOAuthFactor?" />

        <ResponseField name="tikTokOauthFactor" type="ApiSessionV1TikTokOAuthFactor?" />

        <ResponseField name="twitchOauthFactor" type="ApiSessionV1TwitchOAuthFactor?" />

        <ResponseField name="twitterOauthFactor" type="ApiSessionV1TwitterOAuthFactor?" />

        <ResponseField name="embeddableMagicLinkFactor" type="ApiSessionV1EmbeddableMagicLinkFactor?" />

        <ResponseField name="biometricFactor" type="ApiSessionV1BiometricFactor?" />

        <ResponseField name="samlSsoFactor" type="ApiSessionV1SAMLSSOFactor?" />

        <ResponseField name="oidcSsoFactor" type="ApiSessionV1OIDCSSOFactor?" />

        <ResponseField name="salesforceOauthFactor" type="ApiSessionV1SalesforceOAuthFactor?" />

        <ResponseField name="yahooOauthFactor" type="ApiSessionV1YahooOAuthFactor?" />

        <ResponseField name="hubspotOauthFactor" type="ApiSessionV1HubspotOAuthFactor?" />

        <ResponseField name="slackOauthExchangeFactor" type="ApiSessionV1SlackOAuthExchangeFactor?" />

        <ResponseField name="hubspotOauthExchangeFactor" type="ApiSessionV1HubspotOAuthExchangeFactor?" />

        <ResponseField name="githubOauthExchangeFactor" type="ApiSessionV1GithubOAuthExchangeFactor?" />

        <ResponseField name="googleOauthExchangeFactor" type="ApiSessionV1GoogleOAuthExchangeFactor?" />

        <ResponseField name="impersonatedFactor" type="ApiSessionV1ImpersonatedFactor?" />

        <ResponseField name="oauthAccessTokenExchangeFactor" type="ApiSessionV1OAuthAccessTokenExchangeFactor?" />

        <ResponseField name="trustedAuthTokenFactor" type="ApiSessionV1TrustedAuthTokenFactor?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="organizationId" type="String" required />

    <ResponseField name="roles" type="List<String>" required />

    <ResponseField name="organizationSlug" type="String" required />

    <ResponseField name="customClaims" type="Map<String, JsonElement>?" />
  </Expandable>
</ResponseField>

<ResponseField name="organization" type="ApiOrganizationV1Organization" required>
  The organization the member belongs to.

  <Expandable title="properties">
    <ResponseField name="organizationId" type="String" required />

    <ResponseField name="organizationName" type="String" required />

    <ResponseField name="organizationLogoUrl" type="String" required />

    <ResponseField name="organizationSlug" type="String" required />

    <ResponseField name="ssoJitProvisioning" type="String" required />

    <ResponseField name="ssoJitProvisioningAllowedConnections" type="List<String>" required />

    <ResponseField name="ssoActiveConnections" type="List<ApiOrganizationV1ActiveSSOConnection>" required>
      <Expandable title="properties">
        <ResponseField name="connectionId" type="String" required />

        <ResponseField name="displayName" type="String" required />

        <ResponseField name="identityProvider" type="String" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="emailAllowedDomains" type="List<String>" required />

    <ResponseField name="emailJitProvisioning" type="String" required />

    <ResponseField name="emailInvites" type="String" required />

    <ResponseField name="authMethods" type="String" required />

    <ResponseField name="allowedAuthMethods" type="List<String>" required />

    <ResponseField name="mfaPolicy" type="String" required />

    <ResponseField name="rbacEmailImplicitRoleAssignments" type="List<ApiOrganizationV1EmailImplicitRoleAssignment>" required>
      <Expandable title="properties">
        <ResponseField name="domain" type="String" required />

        <ResponseField name="roleId" type="String" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="mfaMethods" type="String" required />

    <ResponseField name="allowedMfaMethods" type="List<String>" required />

    <ResponseField name="oauthTenantJitProvisioning" type="String" required />

    <ResponseField name="claimedEmailDomains" type="List<String>" required />

    <ResponseField name="firstPartyConnectedAppsAllowedType" type="String" required />

    <ResponseField name="allowedFirstPartyConnectedApps" type="List<String>" required />

    <ResponseField name="thirdPartyConnectedAppsAllowedType" type="String" required />

    <ResponseField name="allowedThirdPartyConnectedApps" type="List<String>" required />

    <ResponseField name="customRoles" type="List<ApiOrganizationV1CustomRole>" required>
      <Expandable title="properties">
        <ResponseField name="roleId" type="String" required />

        <ResponseField name="description" type="String" required />

        <ResponseField name="permissions" type="List<ApiOrganizationV1CustomRolePermission>" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="trustedMetadata" type="Map<String, JsonElement>?" />

    <ResponseField name="createdAt" type="Instant?" />

    <ResponseField name="updatedAt" type="Instant?" />

    <ResponseField name="organizationExternalId" type="String?" />

    <ResponseField name="ssoDefaultConnectionId" type="String?" />

    <ResponseField name="scimActiveConnection" type="ApiOrganizationV1ActiveSCIMConnection?">
      <Expandable title="properties">
        <ResponseField name="connectionId" type="String" required />

        <ResponseField name="displayName" type="String" required />

        <ResponseField name="bearerTokenLastFour" type="String" required />

        <ResponseField name="bearerTokenExpiresAt" type="Instant?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="allowedOauthTenants" type="Map<String, JsonElement>?" />
  </Expandable>
</ResponseField>

<ResponseField name="sessionToken" type="String" required>
  The opaque session token.
</ResponseField>

<ResponseField name="sessionJwt" type="String" required>
  The session JWT.
</ResponseField>

<RequestExample>
  ```js theme={null}
  StytchB2B.oauth.google.start({
      organizationId: "org-test-d5a3b680-e8a3-40c0-b815-ab79986666d0",
      loginRedirectUrl: "myapp://callback",
      signupRedirectUrl: "myapp://callback",
      sessionDurationMinutes: 30,
  })
  ```
</RequestExample>