Google Oauth Callback

curl --request POST \
  --url http://localhost:8000/auth/google/callback \
  --header 'Content-Type: application/json' \
  --data '
{
  "code": "<string>",
  "tenant_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "redirect_uri": "<string>"
}
'

{
  "access_token": "<string>",
  "expires_in": 123,
  "user_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "role": "<string>",
  "token_type": "bearer",
  "tenant_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}

Authentication

Google Oauth Callback

Handle Google OAuth 2.0 callback.

This endpoint:

Exchanges the authorization code for user information from Google
Creates or updates the user in the database
Verifies the user has access to the specified tenant
Issues a JWT token with user_id, tenant_id, role, and expiration

Args: request: Google OAuth callback request with code and tenant_id db: Async database session

Returns: TokenResponse: JWT token and user information

Raises: HTTPException 400: If Google OAuth validation fails HTTPException 403: If user doesn’t have access to the tenant

POST

auth

google

callback

Google Oauth Callback

curl --request POST \
  --url http://localhost:8000/auth/google/callback \
  --header 'Content-Type: application/json' \
  --data '
{
  "code": "<string>",
  "tenant_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "redirect_uri": "<string>"
}
'

{
  "access_token": "<string>",
  "expires_in": 123,
  "user_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "role": "<string>",
  "token_type": "bearer",
  "tenant_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}

Body

application/json

code

string

required

Authorization code from Google OAuth

tenant_id

string<uuid> | null

Tenant ID to associate with the session

redirect_uri

string | null

Redirect URI used in the Google OAuth authorization request

Response

Successful Response

access_token

string

required

JWT access token

expires_in

integer

required

Token expiration time in seconds

user_id

string<uuid>

required

User's unique identifier

role

string

required

User's role in the tenant

token_type

string

default:bearer

Token type

tenant_id

string<uuid> | null

Active tenant ID

Get Google Auth Config