The provider's redirect target: exchange the code, open the session, and 302 the browser back to the SPA's `return_to` with the issued tokens in the URL fragment (or `identra_error` on failure).
GET
Public operationId: oauth_callback/v1/auth/oauth/{application_id}/{provider}/callback Authorization
No credential required — these endpoints are reachable without authentication.
Path parameters
application_idstring<uuid> requiredPublishable application id
providerstring requiredProvider key
Responses
302 Redirect back to the application
Request
curl -X GET "http://localhost:8080/v1/auth/oauth/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/string/callback" \Try it
live requestGET
http://localhost:8080/v1/auth/oauth/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/string/callback