curl --request GET \
--url https://pria.praxislxp.com/api/auth/google/services/validate \
--header 'Authorization: Bearer <token>'{
"valid": true,
"cleared": false,
"message": "<string>",
"error": "<string>"
}Validate the caller's stored Google Services token
Checks whether the caller’s stored Google access token is still accepted by Google by making a probing call to the userinfo endpoint. Resolves which storage location to read from in the same priority order as the runtime authenticator: institution token first (when the JWT has an institution), personal token second.
If Google rejects the token (revoked externally, expired refresh chain, etc.),
the handler clears it from the database and returns valid: false, cleared: true.
This is a side-effecting probe — calling it can wipe a stale token.
curl --request GET \
--url https://pria.praxislxp.com/api/auth/google/services/validate \
--header 'Authorization: Bearer <token>'{
"valid": true,
"cleared": false,
"message": "<string>",
"error": "<string>"
}Authorizations
JWT token passed in authorization header
Response
Validation completed. Inspect valid for the outcome.
Whether the stored Google access_token is currently accepted by Google.
true
Which storage location the validated token came from. institution means it
lived on the user's UserInstitution.googleLoginToken; user means the
personal token on the User record. Null when no token is configured.
institution, user Set to true when an invalid token was just cleared from the database.
false
Set when no token is configured for the resolved source.
Set on validation failure — passes through Google's error message.
Was this page helpful?