auth

OAuth callback handler

OAuth provider redirects the user here after consent. The server exchanges the code for tokens, creates or finds the user, and redirects to the client with token, refreshToken, and expiresIn in query params.

GET/api/auth/oauth/callback/{provider}

Authentication

Public — No Auth Required

Path Parameters

Name	Type	Required	Description
`provider`	string	Yes	OAuth provider identifier (e.g. google, github).

SDK setup

Create a client instance. No authentication is required for this endpoint.

import { MudbaseClient } from "mudbase";

const client = new MudbaseClient();
import { MudbaseClient } from "mudbase";

const client = new MudbaseClient();

Example request

Call this endpoint using the client from SDK setup. Use View HTTP for a raw cURL example.

const result = await client.auth.oauthCallback({
  provider: "microchip transmit"
});
const result = await client.auth.oauthCallback({
  provider: "microchip transmit"
});

Try It Live

Test this endpoint with your own credentials. Your requests will be sent to the live API.

Path Parameters

provider

No Request Yet

Send a request to see the full inspector

Responses

200Success (in most cases the server responds with 302 redirect to client with token).

json

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfZGVtbyJ9.sig_sample",
  "user": {
    "_id": "usr_2n1RpfJ9W2jILy",
    "email": "buster_pagac@northwind.dev",
    "firstName": "Sally",
    "lastName": "Beier",
    "fullName": "Savanah Mills",
    "avatar": "https://picsum.photos/seed/ZzIu8a0a/776/3647",
    "role": "owner",
    "emailVerified": true,
    "phoneVerified": false,
    "twoFactorEnabled": true,
    "lastLogin": "2026-03-08T04:52:32.243Z",
    "createdAt": "2026-03-09T20:59:00.429Z",
    "updatedAt": "2026-03-27T00:41:02.597Z",
    "org": {
      "_id": "usr_XoF5LyUzQQ3RXH",
      "name": "Ian Hauck",
      "slug": "fake-turret-ypfz"
    }
  }
}
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfZGVtbyJ9.sig_sample",
  "user": {
    "_id": "usr_2n1RpfJ9W2jILy",
    "email": "buster_pagac@northwind.dev",
    "firstName": "Sally",
    "lastName": "Beier",
    "fullName": "Savanah Mills",
    "avatar": "https://picsum.photos/seed/ZzIu8a0a/776/3647",
    "role": "owner",
    "emailVerified": true,
    "phoneVerified": false,
    "twoFactorEnabled": true,
    "lastLogin": "2026-03-08T04:52:32.243Z",
    "createdAt": "2026-03-09T20:59:00.429Z",
    "updatedAt": "2026-03-27T00:41:02.597Z",
    "org": {
      "_id": "usr_XoF5LyUzQQ3RXH",
      "name": "Ian Hauck",
      "slug": "fake-turret-ypfz"
    }
  }
}

302Redirect with token, refreshToken, and expiresIn

400Bad request or validation error.

401Authentication required or invalid token.

403Access denied or insufficient permissions.

429Rate limit exceeded.

Errors

Code	Meaning
`400`	Bad request or validation error.
`401`	Authentication required or invalid token.
`403`	Access denied or insufficient permissions.
`429`	Rate limit exceeded.

Run in Postman Download OpenAPI

Next steps

Edit this page on GitHub