Continue with Google

Authenticates or registers a user using Google OAuth, returning available roles for the account.

Request Body

  • idToken (string, required) - Google ID token obtained from the Google Sign-In client library

Response

  • accountId (string, uuid) - Unique identifier for the user account
  • email (string) - User's email address from the Google account
  • roles (array<string>) - List of roles assigned to this account (e.g., ["Customer"])

Response Codes

  • 200 OK - Authentication successful
  • 400 Bad Request - Invalid or expired Google token
  • 403 Forbidden - Account disabled
  • 404 Not Found - Account-related error
  • 409 Conflict - Email conflict (rare)
  • 500 Internal Server Error - Server error

Examples

curl -X POST "https://your-server.com/api/account/customer/google" \
  -H "Content-Type: application/json" \
  -d '{
    "idToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjI3MGU..."
  }'

Success Response Example

{
  "accountId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "[email protected]",
  "roles": ["Customer"]
}

Error Response Examples

Invalid Google Token (400 Bad Request):
"Invalid token"
Email Conflict (409 Conflict):
"An account with this email already exists with password authentication"

Google Sign-In Integration

Client-Side Setup

Before calling this endpoint, integrate Google Sign-In on your client:
  1. Configure Google OAuth - Set up Google OAuth in Google Cloud Console and obtain a Client ID
  2. Implement Google Sign-In - Use the Google Sign-In library to authenticate users and obtain an ID token
  3. Send ID Token - Send the ID token to this endpoint to authenticate with your server
  4. Get Role Token - Use the returned accountId to get a JWT token via /api/account/token

JavaScript Example with Google Sign-In

// Initialize Google Sign-In (the Google Identity Services script must already be loaded)
google.accounts.id.initialize({
  client_id: 'YOUR_GOOGLE_CLIENT_ID',
  callback: handleGoogleSignIn
});

async function handleGoogleSignIn(response) {
  // ID token issued by Google for the signed-in user
  const idToken = response.credential;

  // Send the ID token to the server for verification
  const serverResponse = await fetch('https://your-server.com/api/account/customer/google', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ idToken })
  });
  if (!serverResponse.ok) {
    // On 400/403/404/409/500 the body is an error message, not account data
    throw new Error(`Google sign-in failed: ${serverResponse.status}`);
  }

  const userRoles = await serverResponse.json();

  // Now get a JWT token for the Customer role
  const tokenResponse = await fetch('https://your-server.com/api/account/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      accountId: userRoles.accountId,
      role: 'Customer'
    })
  });
  if (!tokenResponse.ok) {
    throw new Error(`Token request failed: ${tokenResponse.status}`);
  }

  const jwtToken = await tokenResponse.json();
  // Store jwtToken for authenticated requests
}

Behavior Notes

If the Google account email doesn’t exist in the system, a new customer account is automatically created.
The Google ID token must be valid and issued to your configured Google Client ID. Expired or invalid tokens will be rejected.

Configuration

Server configuration requires setting the GOOGLE_CLIENT_ID environment variable:
GOOGLE_CLIENT_ID=your-google-oauth-client-id.apps.googleusercontent.com
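
The checks that Behavior Notes describes (valid signature, not expired, issued to the configured client ID), as an added Node.js example; this is not the API's own server code. `verifyGoogleIdToken`, `mintToken`, the key ID and the client ID are hypothetical, and a locally generated RSA key stands in for Google's signing keys so the block runs offline.

```javascript
// Added example, not this API's server code. Names below are hypothetical.
const nodeCrypto = require('node:crypto');

const GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];
const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// keys: Map of kid -> public KeyObject. In production, build it from Google's
// published signing keys and cache it; here a local key stands in.
function verifyGoogleIdToken(idToken, clientId, keys, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = decodePart(parts[0]);
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const signature = Buffer.from(parts[2], 'base64url');
  if (!nodeCrypto.verify('RSA-SHA256', signed, key, signature)) throw new Error('bad signature');
  // Claims are trusted only after the signature check has passed.
  const claims = decodePart(parts[1]);
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error('wrong issuer');
  // "Issued to your configured Google Client ID": aud must equal GOOGLE_CLIENT_ID.
  if (claims.aud !== clientId) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  // Accounts are matched by email, so accept only addresses Google has verified.
  if (claims.email_verified !== true) throw new Error('email not verified');
  return { sub: claims.sub, email: claims.email };
}

// Constructed fixtures: a throwaway RSA key and client ID, not real Google values.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = new Map([['demo-kid', publicKey]]);
const CLIENT_ID = 'demo-client.apps.googleusercontent.com';

function mintToken(claims, header = { alg: 'RS256', kid: 'demo-kid' }) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const exp = Math.floor(Date.now() / 1000) + 3600;
const good = { iss: 'https://accounts.google.com', aud: CLIENT_ID, sub: '1234567890',
  email: 'user@example.com', email_verified: true, exp };
console.log(verifyGoogleIdToken(mintToken(good), CLIENT_ID, KEYS));
for (const bad of [{ ...good, aud: 'other-app.apps.googleusercontent.com' }, { ...good, exp: 1 }]) {
  try { verifyGoogleIdToken(mintToken(bad), CLIENT_ID, KEYS); } catch (e) { console.log('rejected:', e.message); }
}
```

A token minted for a different client ID fails the audience check even though its signature is valid, which is why the server needs GOOGLE_CLIENT_ID set.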

Next Steps

After Google authentication:
  1. Receive account information and available roles
  2. Call /api/account/token to get a JWT token for the desired role
  3. Use the JWT token for authenticated API requests