Start the Google OAuth flow for an institution-level token

curl --request GET \
  --url https://pria.praxislxp.com/api/auth/google/institution/authorize \
  --header 'Authorization: Bearer <token>'

{
  "error": "Institution ID required"
}

OAuth

Start the Google OAuth flow for an institution-level token

Begins an institution-scoped Google OAuth 2.0 authorization-code flow. The resulting token is later stored on Institution.cloudServices.google.googleLoginToken and is used as the shared institution credential for downstream Google API calls performed on behalf of any member of that institution.

The caller MUST hold institutions.edit on the target institution (checked via checkRAPForUI). The captured session state records the connecting user’s _id (connectedByUserId) so the callback can attribute the connection.

GET

api

auth

google

institution

authorize

Start the Google OAuth flow for an institution-level token

curl --request GET \
  --url https://pria.praxislxp.com/api/auth/google/institution/authorize \
  --header 'Authorization: Bearer <token>'

{
  "error": "Institution ID required"
}

Authorizations

Authorization

string

header

required

JWT token passed in authorization header

Query Parameters

institutionId

string

required

ObjectId of the institution to attach the token to.

scopes

string

required

Comma-separated Google service names. Resolved via GoogleServicesConfig.buildScopes.

Response

Redirect to Google's OAuth consent screen. On error during initiation (configuration / lookup failure) the user is redirected to ${PRIA_URL}/oauth/success?error=auth_initiation_failed instead.

Revoke the caller's stored Google Services token Validate an institution's stored Google token