Validate Authentication Callback
This API route is used by your storefront or frontend application when a third-party provider redirects to it after authentication. It validates the authentication with the third-party provider and, if successful, returns an authentication token. All query parameters received from the third-party provider, such as `code`, `state`, and `error`, must be passed as query parameters to this route. You can decode the JWT token using libraries like [react-jwt](https://www.npmjs.com/package/react-jwt) in the storefront. If the decoded data doesn't have an `actor_id` property, then you must register the customer using the Create Customer API route passing the token in the request's Authorization header.
Path Parameters
The provider used for authentication.
Response Body
application/json
application/json
text/plain
application/json
application/json
application/json
application/json
curl -X POST "https://{tenant}.api.myxclade.com/auth/customer/google/callback"{
"token": "string"
}{
"message": "Discount must be set to dynamic",
"type": "not_allowed"
}"Unauthorized"{
"message": "Entity with id 1 was not found",
"type": "not_found"
}{
"code": "unknown_error",
"message": "The request conflicted with another request. You may retry the request with the provided Idempotency-Key.",
"type": "QueryRunnerAlreadyReleasedError"
}{
"code": "invalid_request_error",
"message": "Discount with code TEST already exists.",
"type": "duplicate_error"
}{
"code": "api_error",
"message": "An error occured while hashing password",
"type": "database_error"
}Authenticate Customer
Authenticate a customer and receive the JWT token to be used in the header of subsequent requests. When used with a third-party provider, such as Google, the request returns a `location` property. You redirect to the specified URL in your storefront to continue authentication with the third-party service.
Generate Reset Password Token for Customer
Generate a reset password token for a customer. This API route doesn't reset the customer password or send them the reset instructions in a notification. Instead, This API route emits the `auth.password_reset` event, passing it the token as a payload. You can listen to that event in a subscriber as explained in [this guide](https://), then send the customer a notification. The notification is sent using a [Notification Module Provider](https://), and it should have a URL that accepts a `token` query parameter, allowing the customer to reset their password from the storefront. Use the generated token to update the customer's password using the [Reset Password API route](https://).