Skip to main content
POST
/
public
/
v1
/
submit
/
oauth_login

Authorizations

X-Stamp
string
required
Cryptographically signed (stamped) request to be passed in as a header. For more info, see here.

Body

type
enum<string>
required
Enum options: ACTIVITY_TYPE_OAUTH_LOGIN
timestampMs
string
required
Timestamp (in milliseconds) of the request, used to verify liveness of user requests.
organizationId
string
required
Unique identifier for a given Organization.
parameters
object
required

The parameters object containing the specific intent data for this activity.

generateAppProofs
boolean
Enable to have your activity generate and return App Proofs, enabling verifiability.

Response

A successful response returns the following fields:
activity
object
required
The activity object containing type, intent, and result
curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/oauth_login \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <string> (see Authorizations)" \
  --data '{
    "type": "ACTIVITY_TYPE_OAUTH_LOGIN",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "oidcToken": "<string>",
        "publicKey": "<string>",
        "expirationSeconds": "<string>",
        "invalidateExisting": "<boolean>"
    }
}'
import { Turnkey } from "@turnkey/sdk-server";

const turnkeyClient = new Turnkey({
  apiBaseUrl: "https://api.turnkey.com",
  apiPublicKey: process.env.API_PUBLIC_KEY!,
  apiPrivateKey: process.env.API_PRIVATE_KEY!,
  defaultOrganizationId: process.env.ORGANIZATION_ID!,
});

const response = await turnkeyClient.apiClient().oauthLogin({
  oidcToken: "<string> (Base64 encoded OIDC token)",
  publicKey: "<string> (Client-side public key generated by the user, which will be conditionally added to org data based on the validity of the oidc token associated with this request)",
  expirationSeconds: "<string> (Expiration window (in seconds) indicating how long the Session is valid for. If not provided, a default of 15 minutes will be used.)",
  invalidateExisting: true // Invalidate all other previously generated Login API keys
});
{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_OAUTH_LOGIN",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "id": "<string>",
        "organizationId": "<string>",
        "status": "<string>",
        "type": "<string>",
        "intent": {
          "oauthLoginIntent": {
            "oidcToken": "<string>",
            "publicKey": "<string>",
            "expirationSeconds": "<string>",
            "invalidateExisting": "<boolean>"
          }
        },
        "result": {
          "oauthLoginResult": {
            "session": "<string>"
          }
        },
        "votes": "<array>",
        "fingerprint": "<string>",
        "canApprove": "<boolean>",
        "canReject": "<boolean>",
        "createdAt": "<string>",
        "updatedAt": "<string>"
      }
    }
  }
}