
Google Sign-In token exchange

POST /auth/google-signin

Exchange a Google Sign-In id_token for MagicWeave access and refresh tokens.

Current behavior:

  • Looks up the project's Google OAuth credentials.
  • Verifies the token against Google's JWKS and the project's allowed client IDs (web/android/ios).
  • Requires an email claim in the token.
  • Creates the user if needed, then returns MagicWeave access and refresh tokens.

Typical errors:

  • 400 if the provider is not configured, no client IDs are configured, or the email is missing from the token.
  • 401 if the token is invalid or the issuer is invalid.

Request body

{
  "id_token": "<google_id_token_from_client_sign_in>"
}

Response shape

{
  "success": true,
  "access_token": "jwt-or-null",
  "refresh_token": "jwt-or-null",
  "message": "human-readable status"
}

cURL example

curl -X POST "http://localhost:8001/auth/google-signin" \
  -H "x-client-id: <client-id>" \
  -H "x-client-secret: <client-secret>" \
  -H "Content-Type: application/json" \
  -d '{"id_token":"<google-id-token>"}'