Skip to content
getgeolens.com
GeoLens DocsEarly release

Oauth Callback

GET
/auth/oauth/{provider_slug}/callback
 
curl --request GET \
  --url https://example.com/api/auth/oauth/example/callback

Handle IdP callback: exchange code, find/create user, issue JWT, redirect to frontend.

Phase 268 H-27: the frontend redirect carries access tokens in the URL fragment. Without explicit-config resolution, an attacker controlling X-Forwarded-Host could steer the post-callback redirect to attacker.com and capture the tokens. Force explicit-config resolution by passing for_external_use=True.

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
provider_slug
required
Provider Slug
string

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Successful Response

400

Section titled “400 ”

Bad request — invalid query parameters or payload

401

Section titled “401 ”

Unauthorized — missing or invalid credentials

403

Section titled “403 ”

Forbidden — caller lacks access to this resource

404

Section titled “404 ”

Not found

422

Section titled “422 ”

Validation error

500

Section titled “500 ”

Internal server error