POST
/v1/auth/oauth/native/start

Authorization

AuthorizationRequiredBearer <token>

In: header

Request Body

application/jsonRequired
providerstring
loginOptionsobject
implicitboolean
rawResponseboolean
curl -X POST "https://api.descope.com/v1/auth/oauth/native/start" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "string",
    "loginOptions": {
      "stepup": false,
      "customClaims": {},
      "mfa": false,
      "ssoAppId": "string",
      "templateOptions": {
        "property1": "string",
        "property2": "string"
      },
      "locale": "string",
      "pkceChallenge": "string",
      "revokeOtherSessions": true
    },
    "implicit": true,
    "rawResponse": true
  }'

OK

{
  "clientId": "string",
  "stateId": "string",
  "nonce": "string",
  "implicit": true,
  "errorId": "string"
}

Was this helpful?

Create Redirect URI for Sign-Up Request POST

### Create an OAuth Redirect URI for user Sign-In Request This endpoint allows you to create an OAuth Redirect URI for user Sign-In Request. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`

Exchange Code POST

### Exchange OAuth code for Descope user session This endpoint will exchange the OAuth code for the Descope session information needed for managing the end user session. Call this endpoint from your code flow that responds to the `url` that was returned by the [Sign-In](/api/oauth/sign-up-sign-in) endpoint. The unique code `<unique-code\>` is appended as a URL parameter: `code=<unique-code\>`, for example, `url = https://oauth.mycompany.com/shopping.htm?code=<unique-code\>`. ### Next Steps 1. Extract the unique code `<unique-code\>` from the URL parameter. 2. Call this endpoint, passing the `<unique-code\>` as the request parameter The response object includes the session JWT (sessionJwt) and refresh JWT (refreshJwt) when this endpoint completes successfully. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`