Skip to content
getgeolens.com
GeoLens Docs

Oauth Callback

GET
/auth/oauth/{provider_slug}/callback
 
curl --request GET \
  --url https://example.com/auth/oauth/example/callback

Handle IdP callback: exchange code, find/create user, issue JWT, redirect to frontend.

Phase 268 H-27: the frontend redirect carries access tokens in the URL fragment. Without explicit-config resolution, an attacker controlling X-Forwarded-Host could steer the post-callback redirect to attacker.com and capture the tokens. Force explicit-config resolution by passing for_external_use=True.

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
provider_slug
required
Provider Slug
string

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Successful Response

400

Section titled “400 ”

Bad request — invalid query parameters or payload

ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
default: about:blank
Example 
{
  "type": "about:blank"
}

401

Section titled “401 ”

Unauthorized — missing or invalid credentials

ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
default: about:blank
Example 
{
  "type": "about:blank"
}

403

Section titled “403 ”

Forbidden — caller lacks access to this resource

ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
default: about:blank
Example 
{
  "type": "about:blank"
}

404

Section titled “404 ”

Not found

ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
default: about:blank
Example 
{
  "type": "about:blank"
}

422

Section titled “422 ”

Validation error

ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
default: about:blank
Example 
{
  "type": "about:blank"
}

500

Section titled “500 ”

Internal server error

ProblemDetail
object
detail
required
Detail
string
status
required
Status
integer
title
required
Title
string
type
Type
string
default: about:blank
Example 
{
  "type": "about:blank"
}