StartSocialRedirectQueryDTO
Package: @nauth-toolkit/core
Type: DTO (Request Query Parameters)
Query DTO for initiating a backend-first OAuth redirect flow where the provider redirects back to the backend callback endpoint. Used with SocialRedirectHandler.
- NestJS: import { StartSocialRedirectQueryDTO } from '@nauth-toolkit/nestjs';
- Express: import { StartSocialRedirectQueryDTO } from '@nauth-toolkit/core';
- Fastify: import { StartSocialRedirectQueryDTO } from '@nauth-toolkit/core';
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| action | 'login' \| 'link' | No | Redirect action type. login for standard social login/signup, link to link social account to existing user. Default: login |
| appState | string | No | Opaque, non-secret state to round-trip back to the frontend. Max 2000 characters. Trimmed. |
| returnTo | string | No | Frontend path or absolute URL to redirect to after authentication completes. Max 2048 characters. Trimmed. Default: /auth/callback |
| oauthParams | string | No | Additional OAuth parameters to pass to the provider. Passed as JSON string in query parameter. These parameters override config defaults and are appended to the provider's authorization URL. Max 2000 characters. Trimmed. Used for provider-specific customization. |
OAuth Parameters
The oauthParams property allows per-request customization of the OAuth flow. Pass provider-specific parameters as a JSON string. These override any defaults set in the backend configuration. The handler parses the JSON string automatically; the consumer controller passes the DTO as-is to SocialRedirectHandler.start(provider, dto).
Common Parameters by Provider
Google:
- prompt: 'select_account', 'consent', 'none'
- hd: Restrict to Google Workspace domain
- login_hint: Pre-fill email address
- include_granted_scopes: 'true' for incremental auth
Facebook:
- auth_type: 'reauthenticate', 'rerequest'
- display: 'page', 'popup', 'touch'
- auth_nonce: For replay attack prevention
Apple:
- nonce: For ID token validation
Example
Basic Request
GET /auth/social/google/redirect?returnTo=/auth/callback&appState=user123&action=login HTTP/1.1
Host: api.example.com
With OAuth Parameters (Force Google Account Chooser)
GET /auth/social/google/redirect?returnTo=/dashboard&oauthParams={"prompt":"select_account"} HTTP/1.1
Host: api.example.com
Multiple OAuth Parameters
GET /auth/social/google/redirect?returnTo=/dashboard&oauthParams={"prompt":"select_account consent","hd":"company.com"} HTTP/1.1
Host: api.example.com
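Because oauthParams arrives from the query string and overrides config defaults, a consumer controller that wants to limit which keys a client may override can vet the string before passing the DTO to SocialRedirectHandler.start(provider, dto). The following is an added example, not nauth-toolkit code: sanitizeOauthParams, buildStartUrl and the per-provider allowlist are hypothetical names and choices.

```javascript
// Added example, not nauth-toolkit code. sanitizeOauthParams, buildStartUrl and
// the allowlist contents are assumptions made for illustration.
const MAX_OAUTH_PARAMS_LENGTH = 2000; // limit from the Properties table

// Keys a client may set per provider. hd, auth_nonce and nonce are left out on
// purpose: this example assumes they come from backend config only.
const ALLOWED_OAUTH_PARAMS = {
  google: ['prompt', 'login_hint', 'include_granted_scopes'],
  facebook: ['auth_type', 'display'],
  apple: [],
};

// Returns a vetted JSON string (or undefined when absent); throws on violations.
function sanitizeOauthParams(provider, raw) {
  if (raw === undefined || raw === null) return undefined;
  if (typeof raw !== 'string') throw new Error('oauthParams must be a string');
  const trimmed = raw.trim();
  if (trimmed === '') return undefined;
  if (trimmed.length > MAX_OAUTH_PARAMS_LENGTH) throw new Error('oauthParams too long');

  const allowed = ALLOWED_OAUTH_PARAMS[provider];
  if (!Array.isArray(allowed)) throw new Error('unknown provider');

  let parsed;
  try {
    parsed = JSON.parse(trimmed);
  } catch {
    throw new Error('oauthParams is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('oauthParams must be a JSON object');
  }

  const clean = {};
  for (const [key, value] of Object.entries(parsed)) {
    if (!allowed.includes(key)) throw new Error(`oauthParams key not allowed: ${key}`);
    if (typeof value !== 'string') throw new Error(`oauthParams.${key} must be a string`);
    clean[key] = value;
  }
  return JSON.stringify(clean); // the handler only ever sees vetted keys
}

// Client side: URLSearchParams percent-encodes the JSON string for the query.
function buildStartUrl(provider, query) {
  const qs = new URLSearchParams(query).toString();
  return `/auth/social/${encodeURIComponent(provider)}/redirect?${qs}`;
}
```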
Used By
Related
- StartSocialRedirectResponseDTO - Response returned by start()
- SocialCallbackQueryDTO - OAuth callback query parameters
- SocialCallbackFormDTO - OAuth callback form data (Apple)
- SocialExchangeDTO - Exchange token for auth response