OttoFMS API - Exchange OAuth Code for Tokens

Exchange OAuth Code for Tokens

Exchange a Google OAuth authorization code for tokens. If Google credentials are configured, the user's Google Groups will be fetched and added to the ID token's payload before re-signing.

This endpoint is public (no auth required) as it's called during the OAuth flow.

Request Body

application/json

POST /otto/api/google-auth/token Request body

code*string

OAuth authorization code

client_id*string

Google OAuth client ID

client_secret*string

Google OAuth client secret

redirect_uri*string

OAuth redirect URI

Formaturi

grant_type?string

Default"authorization_code"

[key: string]?unknown

Response Body

`application/json`

curl -X POST "https://your.server.net/otto/api/google-auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "string",
    "client_id": "string",
    "client_secret": "string",
    "redirect_uri": "http://example.com",
    "property1": null,
    "property2": null
  }'

curl -X POST "https://your.server.net/otto/api/google-auth/token" \  -H "Content-Type: application/json" \  -d '{    "code": "string",    "client_id": "string",    "client_secret": "string",    "redirect_uri": "http://example.com",    "property1": null,    "property2": null  }'

{
  "access_token": "string",
  "expires_in": 0,
  "scope": "string",
  "token_type": "string",
  "id_token": "string",
  "refresh_token": "string"
}

{
  "error": "string"
}

Exchange OAuth Code for Tokens

Exchange OAuth Code for Tokens

Request Body

Response Body

200application/json

400application/json

`application/json`

`application/json`