# Login with Google

Authenticate the user using Google Sign-In. This endpoint should be called from the user's browser. It will redirect the User Agent to the Google IDP and redirect back to Transmit upon successful authentication. Once Transmit verifies the authentication response, the User Agent will be redirected to the redirect_uri specified in the request. This URI will now include a code parameter in the query, which will be later exchanged for a token via the /oidc/token endpoint.

Endpoint: GET /v1/auth/google

## Query parameters:

  - `client_id` (string, required)
    Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal
    Example: "DgsdfhSDsdfhtSDFXCCXBVMKPws345yscv2345XCZV"

  - `redirect_uri` (string, required)
    URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal
    Example: "https://www.example.com/login"

  - `create_new_user` (boolean)
    Indicates if a new user should be created if no user with associated email was found. If enabled, public signups must also be configured as allowed for the application.

  - `resource` (string)
    Resource URI the login is attempting to access.

  - `require_mfa` (boolean)
    Require multi factor authentication for this authentication request.
    Example: true

  - `claims` (string)
    A stringified object used to request additional claims in the ID token, such as roles, permissions, and other user profile data.
The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.
Note: You should stringify the value.
    Example: "{\"id_token\":{\"roles\":null}}"

  - `state` (string)
    An opaque string that is used to maintain state between the request and the callback. It will be added to the redirect URI as a query parameter, which should be validated by your server to protect against cross-site request forgery (CSRF) attacks

  - `nonce` (string)
    A random value that is included in the authentication request from the client (e.g. browser) to mitigate replay attacks. It will be added to the id_token and the backend service should only accept id_tokens that include the same nonce value as the one included in the original request

  - `org_id` (string)
    Organization ID, used for member login in B2B scenarios

## Response 400 fields (application/json):

  - `message` (string, required)
    Example: "Invalid redirect_uri"

  - `error_code` (number, required)
    Example: 400


## Response 302 fields
