Security enhancements to IP Vault and new Gemini 3.1 Flash Live STS model for Convo mode
API Documentation
Runtime API
- GETInitiate SSO login
- POSTSSO callback
- POSTGitHub Marketplace webhook receiver
- GETStart the Google Services (per-user) OAuth consent flow
- GETGoogle Services OAuth callback
- GETValidate the caller's stored Google Services token
- DELRevoke the caller's stored Google Services token
- GETStart the Google OAuth flow for an institution-level token
- GETValidate an institution's stored Google token
- DELRevoke an institution's stored Google token
- GETComplete the Canvas LMS API authorization handoff
Administrator API
- GETInitiate SSO login
- POSTSSO callback
- POSTGitHub Marketplace webhook receiver
- GETStart the Google Services (per-user) OAuth consent flow
- GETGoogle Services OAuth callback
- GETValidate the caller's stored Google Services token
- DELRevoke the caller's stored Google Services token
- GETStart the Google OAuth flow for an institution-level token
- GETValidate an institution's stored Google token
- DELRevoke an institution's stored Google token
- GETComplete the Canvas LMS API authorization handoff
curl --request GET \
--url https://pria.praxislxp.com/api/auth/google/services/validate \
--header 'Authorization: Bearer <token>'{
"valid": true,
"source": "institution",
"cleared": false,
"message": "<string>",
"error": "<string>"
}Validate the caller's stored Google Services token
Checks whether the caller’s stored Google access token is still accepted by Google by making a probing call to the userinfo endpoint. Resolves which storage location to read from in the same priority order as the runtime authenticator: institution token first (when the JWT has an institution), personal token second.
If Google rejects the token (revoked externally, expired refresh chain, etc.),
the handler clears it from the database and returns valid: false, cleared: true.
This is a side-effecting probe — calling it can wipe a stale token.
curl --request GET \
--url https://pria.praxislxp.com/api/auth/google/services/validate \
--header 'Authorization: Bearer <token>'{
"valid": true,
"source": "institution",
"cleared": false,
"message": "<string>",
"error": "<string>"
}Documentation Index
Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
JWT token passed in authorization header
Response
Validation completed. Inspect valid for the outcome.
Whether the stored Google access_token is currently accepted by Google.
true
Which storage location the validated token came from. institution means it
lived on the user's UserInstitution.googleLoginToken; user means the
personal token on the User record. Null when no token is configured.
institution, user Set to true when an invalid token was just cleared from the database.
false
Set when no token is configured for the resolved source.
Set on validation failure — passes through Google's error message.
Was this page helpful?