Completes the OAuth authentication flow by either signing up or logging in the user, depending on whether a sub-organization already exists for the provided OIDC token.
This function first checks if there is an existing sub-organization associated with the OIDC token.
If a sub-organization exists, it proceeds with the OAuth login flow.
If no sub-organization exists, it creates a new sub-organization and completes the sign-up flow.
Optionally accepts a custom OAuth provider name, session key, and additional sub-organization creation parameters.
Handles session storage and management, and supports invalidating existing sessions if specified.
parameters for sub-organization creation (e.g., authenticators, user metadata).
params.invalidateExisting
boolean
flag to invalidate existing sessions for the user.
params.oidcToken
string
required
OIDC token received after successful authentication with the OAuth provider.
params.providerName
string
name of the OAuth provider (defaults to a generated name with a timestamp).
params.publicKey
string
required
public key to use for authentication. Must be generated prior to calling this function because the OIDC nonce has to be set to sha256(publicKey).
params.sessionKey
string
session key to use for session creation (defaults to the default session key).
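The following added example, which is not part of the SDK or of this page's original text, checks before the call that the `nonce` claim in the OIDC token equals sha256(publicKey) for the key you are about to pass. It assumes the nonce is the lowercase hex SHA-256 digest of the public key string's UTF-8 bytes and that the token is a compact JWT; the helper names, sample key and sample token are constructed for illustration, and the token signature is not verified here.

```javascript
const { createHash, createECDH } = require("node:crypto");

// Assumption: nonce = lowercase hex SHA-256 over the UTF-8 bytes of the key string.
function expectedNonce(publicKey) {
  return createHash("sha256").update(publicKey, "utf8").digest("hex");
}

// Decode the claims of a compact JWT. No signature verification happens here;
// this is only a local consistency check before the token is submitted.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// True only when the token was requested with a nonce derived from this key.
// A mismatch usually means the key pair was regenerated after the redirect.
function nonceMatchesKey(oidcToken, publicKey) {
  const { nonce } = decodeJwtPayload(oidcToken);
  return typeof nonce === "string" && nonce === expectedNonce(publicKey);
}

// Constructed sample input: a fresh P-256 public key in compressed hex form.
function makeSampleKey() {
  const ecdh = createECDH("prime256v1");
  ecdh.generateKeys();
  return ecdh.getPublicKey("hex", "compressed");
}

// Constructed sample token with a placeholder signature segment.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const publicKey = makeSampleKey();
const oidcToken = makeSampleToken({ sub: "constructed-user", nonce: expectedNonce(publicKey) });
console.log("token bound to current key:", nonceMatchesKey(oidcToken, publicKey));
console.log("token bound to a new key:  ", nonceMatchesKey(oidcToken, makeSampleKey()));
```

Running the check client-side turns a key/nonce mismatch into a clear local error instead of a failed login or sign-up request.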
Response
A successful response returns the following fields: