Exchange a GoTrue refresh token for a mnemom_session cookie

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/token-exchange \
  --header 'Content-Type: application/json' \
  --data '
{
  "refresh_token": "<string>"
}
'

{
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "[email protected]"
  }
}

Auth

Exchange a GoTrue refresh token for a mnemom_session cookie

Mirror of /auth/cli-exchange in the opposite direction. Called by the SPA after landing on a Supabase implicit-flow redirect (magic-link login), whose session tokens arrive in the URL fragment. The endpoint performs the GoTrue refresh grant server-side — proving possession and consuming the single-use refresh token — then registers a session and sets the HttpOnly mnemom_session cookie. JSON-only; no redirect parameter. Rate-limited like sibling auth endpoints.

POST

auth

token-exchange

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/token-exchange \
  --header 'Content-Type: application/json' \
  --data '
{
  "refresh_token": "<string>"
}
'

{
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "[email protected]"
  }
}

Body

application/json

refresh_token

string

required

GoTrue refresh token from the implicit-flow fragment.

Response

Session established. Sets mnemom_session.

user

object

required

Show child attributes

aal

enum<string>

required

Available options:

aal1,

aal2

Set the authenticated user's active org OAuth 2.1 authorization endpoint (renders the consent screen)

⌘I