# Authentication

The tables below give an overview of the Flashback API authentication endpoints, grouped by functional area. Each section lists the available HTTP methods and paths along with a concise description of their purpose, helping developers understand how to authenticate users, manage OAuth flows, and control access tokens.

{% hint style="info" %}
Authentication is required for most API operations. The Flashback platform supports multiple authentication methods including OAuth providers and traditional username/password authentication.
{% endhint %}

## Token Management API Calls

<table><thead><tr><th width="247.4000244140625">Method</th><th>API Reference</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:green;"><code>GET</code></mark><code>/token</code></td><td><a href="authentication/get__token"><strong>get__token</strong></a></td><td>List all active refresh tokens for the user.</td></tr><tr><td><mark style="color:red;"><code>DELETE</code></mark><code>/token/{tokenId}</code></td><td><a href="authentication/delete__token_-tokenid"><strong>delete__token_{tokenId}</strong></a></td><td>Revoke a specific refresh token.</td></tr></tbody></table>

## OAuth Authentication API Calls

<table><thead><tr><th width="247.4000244140625">Method</th><th>API Reference</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/google</code></td><td><a href="authentication/post__auth_google"><strong>post__auth_google</strong></a></td><td>Authenticate user using a Google OAuth access token.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/github</code></td><td><a href="authentication/post__auth_github"><strong>post__auth_github</strong></a></td><td>Authenticate user using a GitHub OAuth code.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/github/refresh</code></td><td><a href="authentication/post__auth_github_refresh"><strong>post__auth_github_refresh</strong></a></td><td>Refresh an expired GitHub access token.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/google/refresh</code></td><td><a href="authentication/post__auth_google_refresh"><strong>post__auth_google_refresh</strong></a></td><td>Refresh an expired Google access token.</td></tr><tr><td><mark style="color:orange;"><code>POST</code></mark><code>/auth/google/exchange</code></td><td><a href="authentication/post__auth_google_exchange"><strong>post__auth_google_exchange</strong></a></td><td>Exchange Google OAuth code for an access token.</td></tr></tbody></table>

## Authentication Flow Overview

### OAuth Authentication

The Flashback platform supports OAuth 2.0 authentication with popular providers:

* **Google OAuth**: Complete OAuth flow including code exchange and token refresh
* **GitHub OAuth**: GitHub-specific OAuth implementation with refresh capabilities

### Traditional Authentication

For applications that prefer traditional authentication:

* **User Registration**: Create new user accounts with email verification
* **User Login**: Authenticate with email/password credentials
* **Token Refresh**: Maintain session continuity with refresh tokens

### Token Management

Secure token lifecycle management:

* **Token Listing**: View all active refresh tokens for the current user
* **Token Revocation**: Securely revoke specific refresh tokens when needed

{% hint style="warning" %}
**Security Note**: Always use HTTPS in production environments and store refresh tokens securely. Never expose access tokens in client-side code or logs.
{% endhint %}
