Skip to main content
POST
/
api
/
auth
/
social
/
verify
curl --request POST \
  --url https://mcp.echozero.app/api/auth/social/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "state": "550e8400-e29b-41d4-a716-446655440000"
}
'
{
  "success": true,
  "data": {
    "newUser": true,
    "onBoardingCompleted": true,
    "mfaRequired": true,
    "user": {
      "id": "507f1f77bcf86cd799439011",
      "username": "alice_bob",
      "email": "alice@example.com",
      "emailVerifiedAt": "2023-11-07T05:31:56Z"
    },
    "tokens": {
      "accessToken": "<string>",
      "refreshToken": "<string>",
      "mfaAccessToken": "<string>"
    },
    "errorMessage": "<string>",
    "unlocksAt": "2023-11-07T05:31:56Z"
  }
}

Headers

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Body

application/json

OpenAPI schema McpVerifySocialAuthBodyDto.

state
string<uuid>
required

UUID state value returned from the corresponding /auth/social/url call.

Example:

"550e8400-e29b-41d4-a716-446655440000"

code
string

Authorization code forwarded from the OAuth provider callback.

Response

Social authentication succeeded; tokens issued.

success
boolean
required
Example:

true

data
object
required

Endpoint-specific payload