API Reference

Social Login (OAuth) APIs

Use the Social Login (OAuth) APIs to let your end users sign-in to your app or website using their existing social network credentials, for example Google or Facebook.

Overview

Implementing OAuth using the APIs is a two step process:

  1. Authorize - Call the Sign-Up / Sign-In endpoint to authorize your end user to sign-up or sign-in using their OAuth credentials. After the end user has successfully signed-in you will get a unique code, which will be exchanged for a user object in the next step. This endpoint is used for both sign-up and sign-in.
  2. Exchange Code - call the Exchange Code endpoint which will exchange the unique code for a user object, which includes the session JWT sessionJwt and refresh JWT refreshJwt.

Implementing OAuth

Authorize sign-up/sign-in

Call the Sign-Up / Sign-In endpoint to authorize your end user to sign-up or sign-in using their social network credentials. Descope will walk the end user through the OAuth provider's authorization and sign-in process. The endpoint takes two arguments:

  • provider - name of Auth provider (for example, "google" or "facebook"). For list of all supported options see here.
  • redirectURL - destination URL you want the end user session to be redirected to after successfully signing in

The API response includes url, which the user should be redirect to in order to perform the OAuth authentication with the service provider. Once completed, the user will be redirected to the redirectURL with a unique code <code> appended as a URL parameter.

Note that redirectURL is an optional parameter. If omitted - the project setting will apply. If provided - it should to be part of the Approved Domains configured in the project settings.

Exchange Code

In your source code that responds to user session being redirected to redirectUrl, exchange the unique code <code> from the URL parameter for a Descope user object.

  1. Extract the unique code <code> from the URL parameter.
  2. Call the Exchange Code endpoint.

The endpoint response will return a valid User Object, which includes the session JWT sessionJwt and refresh JWT refreshJwt.

Was this helpful?

Next

Update Email POST

Next

Sign-Up / Sign-In POST

On this page