OAuth Authentication

Intotes supports OAuth sign-in through Google. The flow redirects the user to the provider's authorization page, then handles the callback to create or log in the user.

New users created through OAuth are automatically provisioned with crypto wallet addresses (TRON, BSC, Polygon, Ethereum).

Providers

Google

Endpoint	Method	Description
`/api/v1/auth/google`	GET	Redirects the user to Google's OAuth consent screen
`/api/v1/auth/google/callback`	GET	Handles Google's redirect after authorization

Authentication

None -- these endpoints initiate or complete the authentication flow.

Flow

Redirect: Your client navigates to GET /api/v1/auth/google. The server responds with a 302 redirect to Google's consent screen.
User authorizes: The user grants permission on Google's page.
Callback: Google redirects back to /api/v1/auth/google/callback with an authorization code.
Token exchange: The server exchanges the code for user info, creates the account if it does not exist, and sets access_token and refresh_token HTTP-only cookies.
Response: The callback returns the user object.

Example (initiating Google OAuth)

curl -X GET https://intotes.com/api/v1/auth/google \
  -L

Response

200 OK (callback endpoints)

Sets access_token and refresh_token as HTTP-only cookies.

{
  "user": {
    "id": 42,
    "name": "John Doe",
    "nickname": "john_doe",
    "email": "john@gmail.com",
    "referral_code": "XYZ789",
    "language": "en",
    "theme": "dark",
    "balance": 0,
    "bonus_balance": 0,
    "total_balance": 0,
    "tron_address": "TXyz1234567890abcdefghijk",
    "bsc_address": "0x1234567890abcdef1234567890abcdef12345678",
    "polygon_address": "0xabcdefabcdefabcdefabcdefabcdefabcdefabcd",
    "ethereum_address": "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
    "avatar_url": "https://lh3.googleusercontent.com/a/example",
    "is_creator": false,
    "is_stats_viewer": false,
    "total_predictions": 0,
    "biggest_win": 0,
    "registered_date": "2026-04-04"
  }
}

Errors

Status	Code	Description
400	`INVALID_REQUEST`	Missing or malformed callback parameters
401	`OAUTH_FAILED`	Provider rejected the authorization or token exchange failed

Providers​

Google​

Authentication​

Flow​

Example (initiating Google OAuth)​

Response​

200 OK (callback endpoints)​

Errors​