Google OAuth Login

Endpoint

POST /api/auth/google
Authenticates a user using Google OAuth. Creates a new user account if the Google account is not already registered, or logs in an existing user.

Request Body

token (string, required): Google ID token obtained from Google Sign-In on the client side.

Response

success (boolean): Indicates whether the request was successful.
data (object): Contains the user data and JWT token.

Status Codes

200 Success: Authentication successful. Returns user data and JWT token.
400 Bad Request: Missing Google token in request body.
401 Unauthorized: Invalid or expired Google token.

Error Response

{
  "success": false,
  "error": "Error autenticando con Google"
}
or
{
  "success": false,
  "error": "Falta el token de Google"
}

Example Request

cURL
curl -X POST https://api.pcfix.com/api/auth/google \
  -H "Content-Type: application/json" \
  -d '{
    "token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE4MmU0M..."
  }'
JavaScript
// After obtaining the Google ID token from Google Sign-In
const response = await fetch('https://api.pcfix.com/api/auth/google', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    token: googleIdToken
  })
});

const data = await response.json();
console.log(data);
Python
import requests

# After obtaining the Google ID token from Google Sign-In
response = requests.post(
  'https://api.pcfix.com/api/auth/google',
  json={
    'token': google_id_token
  }
)

data = response.json()
print(data)

Example Response

{
  "success": true,
  "data": {
    "user": {
      "id": 789,
      "email": "[email protected]",
      "nombre": "Carlos",
      "apellido": "Rodríguez",
      "googleId": "117234567890123456789",
      "role": "USER"
    },
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}

Implementation Notes

New User Registration

When a user authenticates with Google for the first time:
  • A new user account is automatically created
  • User information is populated from the Google profile
  • A customer profile is created and linked to the user
  • A welcome email is sent to the user’s email address
  • The password field is set to an empty string (password login is disabled)

Existing User Login

When a user with an existing account authenticates:
  • If the user doesn’t have a googleId yet, it will be added to their profile
  • The user is logged in and receives a new JWT token

Client-Side Integration

To use this endpoint, you need to:
  1. Set up Google Sign-In on your client application
  2. Obtain the Google ID token after successful sign-in
  3. Send the token to this endpoint
Example using Google Sign-In JavaScript library:
// Initialize Google Sign-In
google.accounts.id.initialize({
  client_id: 'YOUR_GOOGLE_CLIENT_ID',
  callback: handleCredentialResponse
});

// Handle the credential response
async function handleCredentialResponse(response) {
  const googleToken = response.credential;
  
  // Send to your API
  const result = await fetch('https://api.pcfix.com/api/auth/google', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ token: googleToken })
  });
  
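  const data = await result.json();
  // On 400/401 the body is { success: false, error } and has no data field
  if (!result.ok || !data.success) {
    console.error('Google login failed:', data.error);
    return;
  }
  // Store the JWT token for authenticated requests.
  // localStorage is readable by any script running on this origin.
  localStorage.setItem('authToken', data.data.token);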
}

Security Notes

  • The Google ID token is verified server-side using the Google Auth Library
  • The token must be issued by Google and intended for your application’s client ID
  • Users authenticated via Google will have an empty password field and cannot use email/password login unless they set a password separately
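
The checks that server-side verification performs, as an added example (not this project's code and not the Google Auth Library itself): signature, pinned algorithm, issuer, audience and expiry, mapped to the 400/401 codes documented above. It assumes Node's built-in crypto with a locally generated RSA key standing in for Google's signing keys; `verifyIdToken`, `mint`, `statusFor`, `KEYS`, `CLIENT_ID` and the `test-kid` key ID are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Assumptions: placeholder client ID; the two issuer strings Google uses in ID tokens.
const CLIENT_ID = 'YOUR_GOOGLE_CLIENT_ID';
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the verified claims, or throws. publicKeys is a Map of key ID (kid) -> public key.
function verifyIdToken(idToken, publicKeys, clientId, now = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = publicKeys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, sig)) throw new Error('bad signature');
  const claims = decode(p);
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error('wrong issuer');
  if (claims.aud !== clientId) throw new Error('token issued for another client ID');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed fixture: a locally generated key pair stands in for Google's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = new Map([['test-kid', publicKey]]);

// Builds a constructed test token; pass key = null to produce an unsigned one.
function mint(claims, header = { alg: 'RS256', kid: 'test-kid' }, key = privateKey) {
  const input = `${b64url(header)}.${b64url(claims)}`;
  const sig = key ? crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url') : '';
  return `${input}.${sig}`;
}

// Maps the outcome to the status codes documented for this endpoint.
function statusFor(body) {
  if (!body || typeof body.token !== 'string' || body.token === '') return 400;
  try {
    verifyIdToken(body.token, KEYS, CLIENT_ID);
    return 200;
  } catch {
    return 401;
  }
}
```

A token that is validly signed by Google but carries another application's client ID in `aud` fails the audience check, which is why that check matters as much as the signature.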
