Behavior Notes
- Full session: success=true with sessionId, user, expiresAt.
- Pending 2FA: success=false with requires_2fa=true, sessionId, available_methods, and user.
Get Current Session
GET
/auth/session/current
Resolve the current session state from the HTTP-only session cookie. Used by the frontend after a social OAuth callback in cookie mode to determine whether the user has a full session or a pending 2FA session, without the session token ever appearing in the URL (and therefore in browser history, Referer headers, or proxy and server logs).
Typical usage: After a social login redirect with ?social_login=success and no session_id in the URL, the frontend calls this endpoint with credentials: 'include' (required for the browser to attach the cookie, in particular on a cross-origin request) to get the session state. The response body is the source of truth: a response that indicates a pending 2FA session must not be treated as an authenticated one, even though it carries a sessionId.
Responses
Session resolved successfully
application/json
{
  "success": true,
  "sessionId": "ses_xyz789abc123",
  "requires_2fa": false,
  "user": {
    "id": "usr_123abc",
    "email": "user@example.com",
    "name": "John"
  },
  "expiresAt": "2026-04-13T12:00:00.000Z"
}
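The callback flow described above, as an added example of frontend code (not the project's own): detect the cookie-mode callback from the landing URL, call GET /auth/session/current with credentials: 'include', and map the body onto the full-session, pending-2FA and no-session states. Assumptions that go beyond the page: the pending-2FA body follows the shape given in the Behavior Notes (success=false, requires_2fa=true, sessionId, available_methods, user); the page documents only the success response, so any non-2xx status is treated as "no session"; the expiresAt check is the example's own defensive addition. The function names, the fakeFetch helper, the sample bodies and the 'totp' method name are constructed for this example.

```javascript
// Added example, not code from the API's own frontend. Assumes the
// pending-2FA body shape from the Behavior Notes; non-2xx responses are
// not documented on the page and are treated here as "no session".

const SESSION_ENDPOINT = '/auth/session/current';

// True when the landing URL is a cookie-mode social callback:
// ?social_login=success present and no session_id parameter in the query.
function isCookieModeSocialCallback(urlString) {
  const url = new URL(urlString);
  return (
    url.searchParams.get('social_login') === 'success' &&
    !url.searchParams.has('session_id')
  );
}

// Map a response body onto the states the frontend must distinguish.
// A pending-2FA sessionId is NOT an authenticated session, so it is kept
// on its own branch and never reported as 'authenticated'.
// `now` is injectable so the expiry check is deterministic in tests.
function classifySession(body, now = new Date()) {
  if (body && body.success === true && body.requires_2fa !== true) {
    const expiresAt = new Date(body.expiresAt);
    if (Number.isNaN(expiresAt.getTime()) || expiresAt <= now) {
      // Defensive check added by this example: do not trust a session
      // whose expiresAt is missing, unparsable or already in the past.
      return { state: 'expired', sessionId: body.sessionId };
    }
    return { state: 'authenticated', sessionId: body.sessionId, user: body.user, expiresAt };
  }
  if (body && body.requires_2fa === true) {
    return {
      state: 'pending_2fa',
      sessionId: body.sessionId,
      methods: Array.isArray(body.available_methods) ? body.available_methods : [],
      user: body.user,
    };
  }
  return { state: 'unauthenticated' };
}

// Call the endpoint with the HTTP-only cookie attached. fetchImpl is
// injectable so the flow can be exercised without a browser or a server.
async function resolveSession(urlString, fetchImpl = globalThis.fetch, now = new Date()) {
  if (!isCookieModeSocialCallback(urlString)) {
    return { state: 'not_a_cookie_mode_callback' };
  }
  const res = await fetchImpl(SESSION_ENDPOINT, {
    method: 'GET',
    credentials: 'include', // needed for the browser to send the session cookie
    headers: { Accept: 'application/json' },
  });
  if (!res.ok) {
    // Assumption: only the success response is documented on the page.
    return { state: 'unauthenticated', status: res.status };
  }
  return classifySession(await res.json(), now);
}

// Constructed sample bodies for offline use (not captured from a real server).
const SAMPLE_FULL_SESSION = {
  success: true,
  sessionId: 'ses_xyz789abc123',
  requires_2fa: false,
  user: { id: 'usr_123abc', email: 'user@example.com', name: 'John' },
  expiresAt: '2026-04-13T12:00:00.000Z',
};
const SAMPLE_PENDING_2FA = {
  success: false,
  requires_2fa: true,
  sessionId: 'ses_pending000',
  available_methods: ['totp'],
  user: { id: 'usr_123abc', email: 'user@example.com', name: 'John' },
};

// Minimal stand-in for the browser's fetch that returns a fixed body.
function fakeFetch(body, status = 200) {
  return async () => ({
    ok: status >= 200 && status < 300,
    status,
    json: async () => body,
  });
}
```

In a real page the call is `resolveSession(window.location.href)`; the frontend then routes on `state` and, for 'pending_2fa', shows the available methods rather than rendering anything that requires an authenticated user.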