POST /api/email/oauth/initiate
Initiate email OAuth flow Starts the OAuth 2.0 authorization flow for a Google or Microsoft email provider. Requires a valid Auth.js session cookie. The handler builds secure OAuth state containing tenant, user, providerId, redirect URI, timestamp, and nonce, resolves the provider client ID from configured secrets, and returns the authorization URL for the browser to visit.
Request body Content type: application/json · schema EmailOAuthInitiateRequest
provider string Required
Email OAuth provider to authorize.
Enum: microsoftgoogle
redirectUri string <uri>
Optional OAuth callback URI. If omitted, the server builds /api/auth/{provider}/callback from the configured base URL.
providerId string <uuid>
Email provider configuration ID to carry through OAuth state and use during callback token persistence.
Response body Success response 200 · schema EmailOAuthInitiateResponse
success boolean Required
OAuth initiation succeeded.
Enum: true
authUrl string <uri> Required
Provider authorization URL for the browser to visit.
provider string Required
Email OAuth provider being authorized.
Enum: microsoftgoogle
state string Required
Base64-encoded OAuth state containing tenant, userId, providerId, redirectUri, timestamp, nonce, and hosted flag.
Response codes 200
OAuth authorization URL generated successfully.
400
Provider is missing or not supported.
401
No authenticated user session was found.
500
OAuth client ID was not configured or initiation failed unexpectedly.