Auth
Verify an OAuth callback and issue tokens
Call this endpoint after the OAuth provider redirects back with code and state. Returns the same payload as /auth/verify.
POST
Headers
HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.
Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.
Body
application/json
OpenAPI schema McpVerifySocialAuthBodyDto.