Browser popup callback for the Microsoft Graph email-provider OAuth flow. Microsoft redirects here with an authorization code and state. The handler decodes tenant/provider context from state, resolves the tenant Microsoft profile credentials, exchanges the code for Microsoft Graph tokens, stores them on the email provider, marks the provider connected, and best-effort registers a Graph webhook subscription. This endpoint is public and protected by the OAuth state parameter; it always responds with text/html that posts the success or error payload to the opener window rather than returning JSON.
Query parameters
codestringOptional
OAuth 2.0 authorization code. Required unless the provider returned error.
statestringOptional
Base64-encoded JSON state object generated when the OAuth flow was initiated. It carries tenant context, providerId, redirectUri, timestamp, and nonce values used to complete the callback.
errorstringOptional
OAuth error code returned by the provider, such as access_denied.
error_descriptionstringOptional
Human-readable OAuth error description returned by the provider.
Response codes
200
HTML popup callback page. The embedded postMessage payload reports success, provider=microsoft, token expiry, and echoed code/state, or an OAuth/configuration/token-exchange error.