Security enhancements to IP Vault and new Gemini 3.1 Flash Live STS model for Convo mode
API Documentation
Runtime API
- GETInitiate SSO login
- POSTSSO callback
- POSTGitHub Marketplace webhook receiver
- GETStart the Google Services (per-user) OAuth consent flow
- GETGoogle Services OAuth callback
- GETValidate the caller's stored Google Services token
- DELRevoke the caller's stored Google Services token
- GETStart the Google OAuth flow for an institution-level token
- GETValidate an institution's stored Google token
- DELRevoke an institution's stored Google token
- GETComplete the Canvas LMS API authorization handoff
Administrator API
- GETInitiate SSO login
- POSTSSO callback
- POSTGitHub Marketplace webhook receiver
- GETStart the Google Services (per-user) OAuth consent flow
- GETGoogle Services OAuth callback
- GETValidate the caller's stored Google Services token
- DELRevoke the caller's stored Google Services token
- GETStart the Google OAuth flow for an institution-level token
- GETValidate an institution's stored Google token
- DELRevoke an institution's stored Google token
- GETComplete the Canvas LMS API authorization handoff
curl --request GET \
--url https://pria.praxislxp.com/api/auth/google/services/authorize \
--header 'Authorization: Bearer <token>'{
"error": "No services specified"
}Start the Google Services (per-user) OAuth consent flow
Begins a Google OAuth 2.0 authorization-code flow scoped to the per-user services
the caller requests (Gmail / Drive / Calendar / Sheets / Docs). Generates a CSRF
state, stores it in req.session.oauth_state along with the caller’s userId
and institution context, then 302-redirects to Google’s consent screen with
access_type=offline and prompt=consent to ensure a refresh token is issued.
Storage routing (Option B):
- If the JWT has an institution attached, the resulting token is stored on
UserInstitution.googleLoginToken(institution-specific). - If there is no institution, it goes on
User.googleLoginToken(personal).
Origin handling: the origin query param (profile default, chat for the
in-chat consent prompt) is preserved in the session so the post-callback redirect
returns the user to the right place.
curl --request GET \
--url https://pria.praxislxp.com/api/auth/google/services/authorize \
--header 'Authorization: Bearer <token>'{
"error": "No services specified"
}Documentation Index
Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
JWT token passed in authorization header
Query Parameters
Comma-separated list of Google service names to request. Each name is
expanded via GoogleServicesConfig.buildScopes. Common values:
gmail, drive, calendar, sheets, docs.
Where the user was when they triggered the consent. Controls the post-callback
redirect — chat returns to the chat page, profile returns to the profile page.
profile, chat Response
Redirect to Google's OAuth consent screen.
Was this page helpful?