
ECHO supports Google OAuth2 as an alternative to creating an account with an email and password. When a user authenticates via Google, ECHO issues the same JWT Bearer token used by all other auth methods — so the rest of your API integration is identical regardless of how the user logged in.
Google OAuth requires GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET to be configured in the server environment before the OAuth flow will work. Contact your server administrator if these credentials are not set up.

OAuth flow

Step 1: User authorizes on Google

Your frontend redirects the user to Google’s OAuth consent screen. After the user approves, Google redirects back to your frontend callback URL (e.g., /oauth/callback) with a one-time authorization code in the query string.
Step 2: Exchange the code for an ECHO JWT

Send the authorization code and the redirectUri you used to the ECHO backend. ECHO exchanges the code with Google, fetches the user’s profile, creates or looks up the ECHO account, and returns a JWT.
curl -X POST http://localhost:8084/auth/oauth/google \
  -H "Content-Type: application/json" \
  -d '{"code":"4/0AX4XfWj...","redirectUri":"http://localhost:8083/oauth/callback"}'
Request body:
- code (string, required): The one-time authorization code returned by Google to your frontend callback URL.
- redirectUri (string, required): The exact redirect URI registered with your Google OAuth app. It must match the value used to initiate the Google authorization.
Response — same shape as the /users/login response:
{
  "token": "eyJhbGciOiJIUzI1NiJ9...",
  "id": 42,
  "email": "user@gmail.com",
  "username": "johnsmith",
  "roles": ["USER"],
  "isActive": true,
  "avatarUrl": "https://lh3.googleusercontent.com/..."
}
If no ECHO account exists for this Google user, one is created automatically. The user’s Google user ID is stored as provider_id, and provider is set to "google". No password is stored.
Step 3: Store and use the token

Store the returned token and include it as a Bearer token in the Authorization header on all subsequent authenticated requests.
The JWT token you receive from Google OAuth is identical in format and usage to a token obtained via /users/login. Use it the same way: include it in the Authorization header as a Bearer token on every authenticated request.
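The three steps above, as an added browser-side example that is not ECHO's own code. The base URLs, the /auth/oauth/google endpoint and the response shape come from this page; the anti-CSRF "state" comparison, the fetchImpl parameter and the fakeEchoFetch stand-in are assumptions made so the flow can be exercised offline (the fake backend only accepts the constructed code value "4/0AX4XfWj-example").

```javascript
// Added example (not ECHO's own code): client-side helpers for the
// Google code-for-JWT exchange. Endpoint path, ports and response shape
// are taken from the documentation; the "state" check is an assumption.

const ECHO_BASE_URL = "http://localhost:8084";
const REDIRECT_URI = "http://localhost:8083/oauth/callback";

// Step 1: read the one-time code from the URL Google redirected to.
// Returns null if Google reported an error, the code is missing, or (when
// an expectedState is given) the state does not match the value this
// frontend generated when it started the flow. The state check is assumed
// here; it rejects callbacks this client did not initiate.
function extractAuthorizationCode(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) return null;
  const code = params.get("code");
  if (!code) return null;
  if (expectedState !== undefined && params.get("state") !== expectedState) return null;
  return code;
}

// Step 2: build the POST /auth/oauth/google request. redirectUri must be
// exactly the URI used to start the Google authorization.
function buildExchangeRequest(code, redirectUri = REDIRECT_URI) {
  return {
    url: `${ECHO_BASE_URL}/auth/oauth/google`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ code, redirectUri }),
    },
  };
}

// Validate the exchange response: a 2xx status and a non-empty string
// token, the same shape as /users/login. Throws otherwise, so a failed
// exchange never leaves a half-initialised session behind.
function parseExchangeResponse(status, bodyText) {
  if (status < 200 || status >= 300) {
    throw new Error(`OAuth exchange failed: HTTP ${status}`);
  }
  const body = JSON.parse(bodyText);
  if (typeof body.token !== "string" || body.token.length === 0) {
    throw new Error("OAuth exchange response contains no token");
  }
  return body;
}

// Step 3: the token is sent exactly like one obtained from /users/login.
function authHeaders(token) {
  return { Authorization: `Bearer ${token}` };
}

// Full flow; fetchImpl is injectable so the example runs without a server.
async function completeGoogleLogin(callbackUrl, expectedState, fetchImpl = globalThis.fetch) {
  const code = extractAuthorizationCode(callbackUrl, expectedState);
  if (code === null) throw new Error("callback did not carry a usable authorization code");
  const { url, init } = buildExchangeRequest(code);
  const res = await fetchImpl(url, init);
  return parseExchangeResponse(res.status, await res.text());
}

// Constructed stand-in for the ECHO backend: returns the documented
// response shape with sample values. The accepted code value is made up.
async function fakeEchoFetch(url, init) {
  const { code, redirectUri } = JSON.parse(init.body);
  if (!url.endsWith("/auth/oauth/google") || redirectUri !== REDIRECT_URI || code !== "4/0AX4XfWj-example") {
    return { status: 401, text: async () => JSON.stringify({ error: "invalid code or redirectUri" }) };
  }
  return {
    status: 200,
    text: async () => JSON.stringify({
      token: "eyJhbGciOiJIUzI1NiJ9.example", id: 42, email: "user@gmail.com",
      username: "johnsmith", roles: ["USER"], isActive: true,
      avatarUrl: "https://lh3.googleusercontent.com/example",
    }),
  };
}

// Usage with a constructed callback URL (code is URL-encoded as Google sends it).
const SAMPLE_CALLBACK = `${REDIRECT_URI}?code=4%2F0AX4XfWj-example&state=abc123`;
completeGoogleLogin(SAMPLE_CALLBACK, "abc123", fakeEchoFetch)
  .then((user) => console.log(authHeaders(user.token), user.username))
  .catch((err) => console.error(err.message));
```

In a real frontend, replace fakeEchoFetch with the browser's fetch and generate the state value with crypto.getRandomValues before redirecting to Google; the exchange itself and the Bearer header are unchanged.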

Using the token

Once your frontend has the JWT token from the OAuth callback, pass it in the Authorization header on all subsequent API requests:
curl -X GET http://localhost:8084/orders \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..."

OAuth user accounts

Users who sign in via Google have accounts with the following characteristics:
Field         Value
provider      "google"
provider_id   The user’s Google account ID
password      NULL — no password is stored
These users cannot log in via /users/login with a password, since no password exists for their account. They must always authenticate through the Google OAuth flow.
