Authenticate OAuth

POSThttps://test.stytch.com/v1/b2b/oauth/authenticate

Authenticate a Member given a token. This endpoint verifies that the member completed the OAuth flow by verifying that the token is valid and hasn't expired. Provide the session_duration_minutes parameter to set the lifetime of the session. If the session_duration_minutes parameter is not specified, a Stytch session will be created with a 60 minute duration.

If the Member is required to complete MFA to log in to the Organization, the returned value of member_authenticated will be false, and an intermediate_session_token will be returned. The intermediate_session_token can be passed into the OTP SMS Authenticate endpoint to complete the MFA step and acquire a full member session. The intermediate_session_token can also be used with the Exchange Intermediate Session endpoint or the Create Organization via Discovery endpoint to join a different Organization or create a new one. The session_duration_minutes and session_custom_claims parameters will be ignored.

If a valid session_token or session_jwt is passed in, the Member will not be required to complete an MFA step.

We’re actively accepting requests for new OAuth providers! Please email us or post in our community if you are looking for an OAuth provider that is not currently supported.

Body parameters

oauth_token*string
session_custom_claimsmap<string, any>
session_duration_minutesint
session_jwtstring
session_tokenstring
intermediate_session_tokenstring
pkce_code_verifierstring
localestring

Response fields

status_codeint
request_idstring
intermediate_session_tokenstring
memberobject
member_authenticatedboolean
member_idstring
mfa_requiredobject
organization_idstring
organizationobject
provider_subjectstring
provider_typestring
provider_valuesobject
member_sessionobject
session_tokenstring
session_jwtstring
curl --request POST \
  --url https://test.stytch.com/v1/b2b/oauth/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "oauth_token": "hdPVZHHX0UoRa7hJTuuPHi1vlddffSnoweRbVFf5-H8g"
  }'

RESPONSE

200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
  "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
  "session_jwt": "example_jwt",
  "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
  "intermediate_session_token": "",
  "member_authenticated": true,
  "mfa_required": null,
  "member_session": {...},
  "member": {...},
  "organization": {...},
  "provider_subject": "10769150350006150715113082367",
  "provider_type": "Google",
  "provider_values": {
    "access_token": "example-access-token",
    "refresh_token": "example-refresh-token",
    "id_token": "example-id-token",
    "scopes": ["example scope"]
  },
}