Final step of the OAuth login flow. The browser (or SDK) calls this POST with the `code` it received on the OAuth callba

POST /api/v1/auth/oauth/exchange

Final step of the OAuth login flow. The browser (or SDK) calls this POST with the code it received on the OAuth callback redirect; the server validates the code, deletes the underlying AuthChallenge row, and sets the access + refresh token cookies on the response. The tokens themselves are never returned in the response body — they live in HttpOnly cookies that subsequent calls (including auth.me) authenticate against.

Request

Responses

200
default

Success

Final step of the OAuth login flow. The browser (or SDK) calls this POST with the `code` it received on the OAuth callba

/api/v1/auth/oauth/exchange

Request​

Responses​

Request

Responses