Authentication
OAuth 2.0 via GitHub or Google. The callback exchanges the code for a JWT and a refresh token stored in an HttpOnly cookie.
GitHub OAuth
GET /auth/github - Redirect to GitHub consent screen
GET /auth/github/callback - GitHub redirects here after consent
Returns JWT and sets refresh cookie.
{
  "token": "eyJhbG...",
  "user": { "id": "...", "email": "..." }
}
Google OAuth
GET /auth/google - Redirect to Google consent screen
GET /auth/google/callback - Google redirects here after consent
Token management
POST /auth/refresh - Exchange refresh token for new JWT
Reads refresh token from cookie automatically.
{ "token": "eyJhbG..." }
POST /auth/logout - Clear refresh cookie
GET /auth/me - Return current user [JWT]
{ "id": "uuid", "email": "you@example.com", "provider": "github" }
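A browser-side client for the token endpoints above, as an added example that is not part of the original documentation. It assumes the JWT is sent as an Authorization: Bearer header and that an expired JWT returns 401; API_BASE is a placeholder origin and createAuthClient is a hypothetical name.

```javascript
// Added example. Assumptions (not from the page): the JWT travels as
// "Authorization: Bearer <jwt>", an expired JWT yields 401, API_BASE is a placeholder.
const API_BASE = "https://api.example.com";

function createAuthClient(fetchImpl = globalThis.fetch) {
  let jwt = null; // held in memory only; this client never persists it

  // POST /auth/refresh: the browser attaches the HttpOnly refresh cookie itself;
  // script cannot read it. credentials: "include" is needed on cross-origin calls.
  async function refresh() {
    const res = await fetchImpl(`${API_BASE}/auth/refresh`, { method: "POST", credentials: "include" });
    if (!res.ok) {
      jwt = null;
      throw new Error(`refresh failed: ${res.status}`);
    }
    jwt = (await res.json()).token;
    return jwt;
  }

  // Call a JWT-protected endpoint; on 401 refresh once and retry once.
  async function authed(path, init = {}) {
    if (!jwt) await refresh();
    const send = () =>
      fetchImpl(`${API_BASE}${path}`, {
        ...init,
        headers: { ...init.headers, Authorization: `Bearer ${jwt}` },
      });
    let res = await send();
    if (res.status === 401) {
      await refresh();
      res = await send();
    }
    return res;
  }

  async function me() {
    const res = await authed("/auth/me");
    if (!res.ok) throw new Error(`/auth/me failed: ${res.status}`);
    return res.json();
  }

  // POST /auth/logout clears the refresh cookie; drop the in-memory JWT as well.
  async function logout() {
    await fetchImpl(`${API_BASE}/auth/logout`, { method: "POST", credentials: "include" });
    jwt = null;
  }
  return { refresh, me, logout };
}
```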