FoN supports OAuth 2.0 authentication with major providers.

Supported Providers

Provider  Initiation Endpoint          Callback Endpoint
Google    GET /api/auth/oauth/google   GET /api/auth/callback/google
Apple     GET /api/auth/oauth/apple    GET /api/auth/callback/apple
Meta      GET /api/auth/oauth/meta     GET /api/auth/callback/meta

OAuth Flow

OAuth authentication follows the standard flow:
  1. Initiate OAuth
     Redirect the user to the OAuth initiation endpoint:
     https://api.fucksornot.com/api/auth/oauth/google
  2. User Authenticates
     The user authenticates with the OAuth provider (Google, Apple, or Meta).
  3. Callback
     The provider redirects back to FoN’s callback endpoint with an authorization code.
  4. Session Created
     FoN creates a session and redirects to the application with the authentication cookie set.

Implementation

Web Applications

For web applications, simply link to the OAuth endpoint:
<a href="https://api.fucksornot.com/api/auth/oauth/google">
  Sign in with Google
</a>

Single Page Applications

For SPAs, open a popup or redirect:
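// Popup method
const popup = window.open(
  'https://api.fucksornot.com/api/auth/oauth/google',
  'oauth',
  'width=500,height=600'
);

if (!popup) {
  // window.open() returns null when the browser blocks the popup;
  // fall back to a full-page redirect
  window.location.href = 'https://api.fucksornot.com/api/auth/oauth/google';
} else {
  // Listen for the popup to close
  const interval = setInterval(() => {
    if (popup.closed) {
      clearInterval(interval);
      // Check authentication status (checkAuth is your application's own function)
      checkAuth();
    }
  }, 1000);
}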

Mobile Applications

For mobile apps, use a webview or in-app browser:
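// React Native example with expo-web-browser
import * as WebBrowser from 'expo-web-browser';

const signInWithGoogle = async () => {
  const result = await WebBrowser.openAuthSessionAsync(
    'https://api.fucksornot.com/api/auth/oauth/google',
    'your-app://callback' // replace with your app's own redirect URL
  );
  // result.type is 'success' only when the browser returned to the redirect URL;
  // 'cancel' or 'dismiss' means the user closed it without finishing
  return result.type === 'success';
};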

After OAuth

After successful OAuth authentication:
  1. A session is created on FoN
  2. An auth-token cookie is set
  3. The user is redirected to your application
Use the Check Status endpoint to verify authentication:
curl https://api.fucksornot.com/api/auth/check \
  --cookie "auth-token=..."
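
The popup flow and the Check Status call combined, as an added example that is not FoN's own code: it treats a blocked popup and an abandoned login as failures instead of polling forever. The names checkAuth and waitForLogin are hypothetical. It assumes that /api/auth/check answers 2xx only for an authenticated session and that FoN accepts credentialed cross-origin requests from your origin; neither is stated on this page.

```javascript
// Added example: only the two FoN URLs come from this page.
const API = 'https://api.fucksornot.com';

// Ask FoN whether the browser now holds a valid session.
// ASSUMPTION: /api/auth/check returns 2xx only when authenticated.
// ASSUMPTION: FoN allows credentialed CORS requests from your origin.
async function checkAuth(fetchImpl = fetch) {
  const res = await fetchImpl(`${API}/api/auth/check`, {
    credentials: 'include', // send the auth-token cookie cross-origin
    cache: 'no-store',      // never trust a cached "authenticated" answer
  });
  return res.ok;
}

// Resolve with the auth result once the popup closes; fail closed otherwise.
function waitForLogin(popup, check = checkAuth,
                      { pollMs = 500, timeoutMs = 120000 } = {}) {
  return new Promise((resolve, reject) => {
    // window.open() returns null when the popup is blocked
    if (!popup) return reject(new Error('popup blocked'));
    const started = Date.now();
    const timer = setInterval(() => {
      if (popup.closed) {
        clearInterval(timer);
        // A closed popup proves nothing: the server decides
        Promise.resolve().then(() => check()).then(resolve, reject);
      } else if (Date.now() - started > timeoutMs) {
        clearInterval(timer);
        popup.close();
        reject(new Error('login timed out'));
      }
    }, pollMs);
  });
}

// Browser usage (provider path is one of the three listed above):
// const popup = window.open(`${API}/api/auth/oauth/google`, 'oauth',
//                           'width=500,height=600');
// waitForLogin(popup).then(ok => { /* show app or login error */ });
```
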

Notes

  • OAuth creates or links to a FoN account
  • If the OAuth email matches an existing account, it’s linked
  • Users can have multiple OAuth providers linked to one account
  • MFA can still be enabled alongside OAuth