> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate

> Authenticates an OAuth token received from a deeplink after the browser-based OAuth flow completes. Calls the `POST /sdk/v1/oauth/authenticate` endpoint. Retrieves the PKCE code verifier stored during the corresponding [OAuthType.start] call.

## Parameters

<ParamField body="token" type="String" required />

<ParamField body="sessionDurationMinutes" type="Int" required />

## Returns

<ResponseField name="requestId" type="String" required />

<ResponseField name="userId" type="String" required />

<ResponseField name="providerSubject" type="String" required />

<ResponseField name="providerType" type="String" required />

<ResponseField name="session" type="ApiSessionV1Session" required>
  <Expandable title="properties">
    <ResponseField name="sessionId" type="String" required />

    <ResponseField name="userId" type="String" required />

    <ResponseField name="authenticationFactors" type="List<ApiSessionV1AuthenticationFactor>" required>
      <Expandable title="properties">
        <ResponseField name="type" type="ApiSessionV1AuthenticationFactorType" required />

        <ResponseField name="deliveryMethod" type="ApiSessionV1AuthenticationFactorDeliveryMethod" required />

        <ResponseField name="lastAuthenticatedAt" type="Instant?" />

        <ResponseField name="createdAt" type="Instant?" />

        <ResponseField name="updatedAt" type="Instant?" />

        <ResponseField name="emailFactor" type="ApiSessionV1EmailFactor?" />

        <ResponseField name="phoneNumberFactor" type="ApiSessionV1PhoneNumberFactor?" />

        <ResponseField name="googleOauthFactor" type="ApiSessionV1GoogleOAuthFactor?" />

        <ResponseField name="microsoftOauthFactor" type="ApiSessionV1MicrosoftOAuthFactor?" />

        <ResponseField name="appleOauthFactor" type="ApiSessionV1AppleOAuthFactor?" />

        <ResponseField name="webauthnFactor" type="ApiSessionV1WebAuthnFactor?" />

        <ResponseField name="authenticatorAppFactor" type="ApiSessionV1AuthenticatorAppFactor?" />

        <ResponseField name="githubOauthFactor" type="ApiSessionV1GithubOAuthFactor?" />

        <ResponseField name="recoveryCodeFactor" type="ApiSessionV1RecoveryCodeFactor?" />

        <ResponseField name="facebookOauthFactor" type="ApiSessionV1FacebookOAuthFactor?" />

        <ResponseField name="cryptoWalletFactor" type="ApiSessionV1CryptoWalletFactor?" />

        <ResponseField name="amazonOauthFactor" type="ApiSessionV1AmazonOAuthFactor?" />

        <ResponseField name="bitbucketOauthFactor" type="ApiSessionV1BitbucketOAuthFactor?" />

        <ResponseField name="coinbaseOauthFactor" type="ApiSessionV1CoinbaseOAuthFactor?" />

        <ResponseField name="discordOauthFactor" type="ApiSessionV1DiscordOAuthFactor?" />

        <ResponseField name="figmaOauthFactor" type="ApiSessionV1FigmaOAuthFactor?" />

        <ResponseField name="gitLabOauthFactor" type="ApiSessionV1GitLabOAuthFactor?" />

        <ResponseField name="instagramOauthFactor" type="ApiSessionV1InstagramOAuthFactor?" />

        <ResponseField name="linkedInOauthFactor" type="ApiSessionV1LinkedInOAuthFactor?" />

        <ResponseField name="shopifyOauthFactor" type="ApiSessionV1ShopifyOAuthFactor?" />

        <ResponseField name="slackOauthFactor" type="ApiSessionV1SlackOAuthFactor?" />

        <ResponseField name="snapchatOauthFactor" type="ApiSessionV1SnapchatOAuthFactor?" />

        <ResponseField name="spotifyOauthFactor" type="ApiSessionV1SpotifyOAuthFactor?" />

        <ResponseField name="steamOauthFactor" type="ApiSessionV1SteamOAuthFactor?" />

        <ResponseField name="tikTokOauthFactor" type="ApiSessionV1TikTokOAuthFactor?" />

        <ResponseField name="twitchOauthFactor" type="ApiSessionV1TwitchOAuthFactor?" />

        <ResponseField name="twitterOauthFactor" type="ApiSessionV1TwitterOAuthFactor?" />

        <ResponseField name="embeddableMagicLinkFactor" type="ApiSessionV1EmbeddableMagicLinkFactor?" />

        <ResponseField name="biometricFactor" type="ApiSessionV1BiometricFactor?" />

        <ResponseField name="samlSsoFactor" type="ApiSessionV1SAMLSSOFactor?" />

        <ResponseField name="oidcSsoFactor" type="ApiSessionV1OIDCSSOFactor?" />

        <ResponseField name="salesforceOauthFactor" type="ApiSessionV1SalesforceOAuthFactor?" />

        <ResponseField name="yahooOauthFactor" type="ApiSessionV1YahooOAuthFactor?" />

        <ResponseField name="hubspotOauthFactor" type="ApiSessionV1HubspotOAuthFactor?" />

        <ResponseField name="slackOauthExchangeFactor" type="ApiSessionV1SlackOAuthExchangeFactor?" />

        <ResponseField name="hubspotOauthExchangeFactor" type="ApiSessionV1HubspotOAuthExchangeFactor?" />

        <ResponseField name="githubOauthExchangeFactor" type="ApiSessionV1GithubOAuthExchangeFactor?" />

        <ResponseField name="googleOauthExchangeFactor" type="ApiSessionV1GoogleOAuthExchangeFactor?" />

        <ResponseField name="impersonatedFactor" type="ApiSessionV1ImpersonatedFactor?" />

        <ResponseField name="oauthAccessTokenExchangeFactor" type="ApiSessionV1OAuthAccessTokenExchangeFactor?" />

        <ResponseField name="trustedAuthTokenFactor" type="ApiSessionV1TrustedAuthTokenFactor?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="roles" type="List<String>" required />

    <ResponseField name="startedAt" type="Instant?" />

    <ResponseField name="lastAccessedAt" type="Instant?" />

    <ResponseField name="expiresAt" type="Instant?" />

    <ResponseField name="attributes" type="ApiAttributeV1Attributes?">
      <Expandable title="properties">
        <ResponseField name="ipAddress" type="String?" />

        <ResponseField name="userAgent" type="String?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="customClaims" type="Map<String, JsonElement>?" />
  </Expandable>
</ResponseField>

<ResponseField name="sessionToken" type="String" required />

<ResponseField name="sessionJwt" type="String" required />

<ResponseField name="providerValues" type="ApiOauthV1ProviderValues" required>
  <Expandable title="properties">
    <ResponseField name="accessToken" type="String" required />

    <ResponseField name="refreshToken" type="String" required />

    <ResponseField name="idToken" type="String" required />

    <ResponseField name="scopes" type="List<String>" required />

    <ResponseField name="expiresAt" type="Instant?" />
  </Expandable>
</ResponseField>

<ResponseField name="user" type="ApiUserV1User" required>
  <Expandable title="properties">
    <ResponseField name="userId" type="String" required />

    <ResponseField name="emails" type="List<ApiUserV1Email>" required>
      <Expandable title="properties">
        <ResponseField name="emailId" type="String" required />

        <ResponseField name="email" type="String" required />

        <ResponseField name="verified" type="Boolean" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="status" type="String" required />

    <ResponseField name="phoneNumbers" type="List<ApiUserV1PhoneNumber>" required>
      <Expandable title="properties">
        <ResponseField name="phoneId" type="String" required />

        <ResponseField name="phoneNumber" type="String" required />

        <ResponseField name="verified" type="Boolean" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="webauthnRegistrations" type="List<ApiUserV1WebAuthnRegistration>" required>
      <Expandable title="properties">
        <ResponseField name="webauthnRegistrationId" type="String" required />

        <ResponseField name="domain" type="String" required />

        <ResponseField name="userAgent" type="String" required />

        <ResponseField name="verified" type="Boolean" required />

        <ResponseField name="authenticatorType" type="String" required />

        <ResponseField name="name" type="String" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="providers" type="List<ApiUserV1OAuthProvider>" required>
      <Expandable title="properties">
        <ResponseField name="providerType" type="String" required />

        <ResponseField name="providerSubject" type="String" required />

        <ResponseField name="profilePictureUrl" type="String" required />

        <ResponseField name="locale" type="String" required />

        <ResponseField name="oauthUserRegistrationId" type="String" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="totps" type="List<ApiUserV1TOTP>" required>
      <Expandable title="properties">
        <ResponseField name="totpId" type="String" required />

        <ResponseField name="verified" type="Boolean" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="cryptoWallets" type="List<ApiUserV1CryptoWallet>" required>
      <Expandable title="properties">
        <ResponseField name="cryptoWalletId" type="String" required />

        <ResponseField name="cryptoWalletAddress" type="String" required />

        <ResponseField name="cryptoWalletType" type="String" required />

        <ResponseField name="verified" type="Boolean" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="biometricRegistrations" type="List<ApiUserV1BiometricRegistration>" required>
      <Expandable title="properties">
        <ResponseField name="biometricRegistrationId" type="String" required />

        <ResponseField name="verified" type="Boolean" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="isLocked" type="Boolean" required />

    <ResponseField name="roles" type="List<String>" required />

    <ResponseField name="name" type="ApiUserV1Name?">
      <Expandable title="properties">
        <ResponseField name="firstName" type="String?" />

        <ResponseField name="middleName" type="String?" />

        <ResponseField name="lastName" type="String?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="createdAt" type="Instant?" />

    <ResponseField name="password" type="ApiUserV1Password?">
      <Expandable title="properties">
        <ResponseField name="passwordId" type="String" required />

        <ResponseField name="requiresReset" type="Boolean" required />
      </Expandable>
    </ResponseField>

    <ResponseField name="trustedMetadata" type="Map<String, JsonElement>?" />

    <ResponseField name="untrustedMetadata" type="Map<String, JsonElement>?" />

    <ResponseField name="externalId" type="String?" />

    <ResponseField name="lockCreatedAt" type="Instant?" />

    <ResponseField name="lockExpiresAt" type="Instant?" />
  </Expandable>
</ResponseField>

<ResponseField name="resetSessions" type="Boolean" required />

<ResponseField name="oauthUserRegistrationId" type="String" required />

<ResponseField name="statusCode" type="Int" required />

<ResponseField name="userSession" type="ApiSessionV1Session?">
  <Expandable title="properties">
    <ResponseField name="sessionId" type="String" required />

    <ResponseField name="userId" type="String" required />

    <ResponseField name="authenticationFactors" type="List<ApiSessionV1AuthenticationFactor>" required>
      <Expandable title="properties">
        <ResponseField name="type" type="ApiSessionV1AuthenticationFactorType" required />

        <ResponseField name="deliveryMethod" type="ApiSessionV1AuthenticationFactorDeliveryMethod" required />

        <ResponseField name="lastAuthenticatedAt" type="Instant?" />

        <ResponseField name="createdAt" type="Instant?" />

        <ResponseField name="updatedAt" type="Instant?" />

        <ResponseField name="emailFactor" type="ApiSessionV1EmailFactor?" />

        <ResponseField name="phoneNumberFactor" type="ApiSessionV1PhoneNumberFactor?" />

        <ResponseField name="googleOauthFactor" type="ApiSessionV1GoogleOAuthFactor?" />

        <ResponseField name="microsoftOauthFactor" type="ApiSessionV1MicrosoftOAuthFactor?" />

        <ResponseField name="appleOauthFactor" type="ApiSessionV1AppleOAuthFactor?" />

        <ResponseField name="webauthnFactor" type="ApiSessionV1WebAuthnFactor?" />

        <ResponseField name="authenticatorAppFactor" type="ApiSessionV1AuthenticatorAppFactor?" />

        <ResponseField name="githubOauthFactor" type="ApiSessionV1GithubOAuthFactor?" />

        <ResponseField name="recoveryCodeFactor" type="ApiSessionV1RecoveryCodeFactor?" />

        <ResponseField name="facebookOauthFactor" type="ApiSessionV1FacebookOAuthFactor?" />

        <ResponseField name="cryptoWalletFactor" type="ApiSessionV1CryptoWalletFactor?" />

        <ResponseField name="amazonOauthFactor" type="ApiSessionV1AmazonOAuthFactor?" />

        <ResponseField name="bitbucketOauthFactor" type="ApiSessionV1BitbucketOAuthFactor?" />

        <ResponseField name="coinbaseOauthFactor" type="ApiSessionV1CoinbaseOAuthFactor?" />

        <ResponseField name="discordOauthFactor" type="ApiSessionV1DiscordOAuthFactor?" />

        <ResponseField name="figmaOauthFactor" type="ApiSessionV1FigmaOAuthFactor?" />

        <ResponseField name="gitLabOauthFactor" type="ApiSessionV1GitLabOAuthFactor?" />

        <ResponseField name="instagramOauthFactor" type="ApiSessionV1InstagramOAuthFactor?" />

        <ResponseField name="linkedInOauthFactor" type="ApiSessionV1LinkedInOAuthFactor?" />

        <ResponseField name="shopifyOauthFactor" type="ApiSessionV1ShopifyOAuthFactor?" />

        <ResponseField name="slackOauthFactor" type="ApiSessionV1SlackOAuthFactor?" />

        <ResponseField name="snapchatOauthFactor" type="ApiSessionV1SnapchatOAuthFactor?" />

        <ResponseField name="spotifyOauthFactor" type="ApiSessionV1SpotifyOAuthFactor?" />

        <ResponseField name="steamOauthFactor" type="ApiSessionV1SteamOAuthFactor?" />

        <ResponseField name="tikTokOauthFactor" type="ApiSessionV1TikTokOAuthFactor?" />

        <ResponseField name="twitchOauthFactor" type="ApiSessionV1TwitchOAuthFactor?" />

        <ResponseField name="twitterOauthFactor" type="ApiSessionV1TwitterOAuthFactor?" />

        <ResponseField name="embeddableMagicLinkFactor" type="ApiSessionV1EmbeddableMagicLinkFactor?" />

        <ResponseField name="biometricFactor" type="ApiSessionV1BiometricFactor?" />

        <ResponseField name="samlSsoFactor" type="ApiSessionV1SAMLSSOFactor?" />

        <ResponseField name="oidcSsoFactor" type="ApiSessionV1OIDCSSOFactor?" />

        <ResponseField name="salesforceOauthFactor" type="ApiSessionV1SalesforceOAuthFactor?" />

        <ResponseField name="yahooOauthFactor" type="ApiSessionV1YahooOAuthFactor?" />

        <ResponseField name="hubspotOauthFactor" type="ApiSessionV1HubspotOAuthFactor?" />

        <ResponseField name="slackOauthExchangeFactor" type="ApiSessionV1SlackOAuthExchangeFactor?" />

        <ResponseField name="hubspotOauthExchangeFactor" type="ApiSessionV1HubspotOAuthExchangeFactor?" />

        <ResponseField name="githubOauthExchangeFactor" type="ApiSessionV1GithubOAuthExchangeFactor?" />

        <ResponseField name="googleOauthExchangeFactor" type="ApiSessionV1GoogleOAuthExchangeFactor?" />

        <ResponseField name="impersonatedFactor" type="ApiSessionV1ImpersonatedFactor?" />

        <ResponseField name="oauthAccessTokenExchangeFactor" type="ApiSessionV1OAuthAccessTokenExchangeFactor?" />

        <ResponseField name="trustedAuthTokenFactor" type="ApiSessionV1TrustedAuthTokenFactor?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="roles" type="List<String>" required />

    <ResponseField name="startedAt" type="Instant?" />

    <ResponseField name="lastAccessedAt" type="Instant?" />

    <ResponseField name="expiresAt" type="Instant?" />

    <ResponseField name="attributes" type="ApiAttributeV1Attributes?">
      <Expandable title="properties">
        <ResponseField name="ipAddress" type="String?" />

        <ResponseField name="userAgent" type="String?" />
      </Expandable>
    </ResponseField>

    <ResponseField name="customClaims" type="Map<String, JsonElement>?" />
  </Expandable>
</ResponseField>

<RequestExample>
  ```kotlin theme={null}
  StytchConsumer.oauth.authenticate(
      OAuthAuthenticateParameters(token = "token", sessionDurationMinutes = 30)
  )
  ```
</RequestExample>