From 0c2ed01b5b37f51065258d65ef0081c623df1c0e Mon Sep 17 00:00:00 2001
From: Ethan Dsouza <ethan.dsouza@mintoak.com>
Date: Wed, 21 Jan 2026 19:14:42 -0800
Subject: [PATCH] Support POST request for android

---
 .../spawn/auth/api/AuthController.java           | 16 +++++++++++++---
 .../auth/api/dto/OAuthSignInRequestDTO.java      | 15 +++++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/com/danielagapov/spawn/auth/api/dto/OAuthSignInRequestDTO.java

diff --git a/src/main/java/com/danielagapov/spawn/auth/api/AuthController.java b/src/main/java/com/danielagapov/spawn/auth/api/AuthController.java
index 4dec9e26..14466f4f 100644
--- a/src/main/java/com/danielagapov/spawn/auth/api/AuthController.java
+++ b/src/main/java/com/danielagapov/spawn/auth/api/AuthController.java
@@ -3,6 +3,7 @@
 import com.danielagapov.spawn.auth.api.dto.CheckEmailVerificationRequestDTO;
 import com.danielagapov.spawn.auth.api.dto.EmailVerificationResponseDTO;
 import com.danielagapov.spawn.auth.api.dto.OAuthRegistrationDTO;
+import com.danielagapov.spawn.auth.api.dto.OAuthSignInRequestDTO;
 import com.danielagapov.spawn.auth.api.dto.SendEmailVerificationRequestDTO;
 import com.danielagapov.spawn.user.api.dto.*;
 import com.danielagapov.spawn.shared.util.OAuthProvider;
@@ -52,12 +53,21 @@ public class AuthController {
      * <p>
      * If the user is already saved within Spawn -> we return its `BaseUserDTO`. Otherwise, null.
      */
-    // full path: /api/v1/auth/sign-in?externalUserId=externalUserId&email=email
+    // full path: /api/v1/auth/sign-in?externalUserId=externalUserId&email=email (supports both GET with query params and POST with body)
     @GetMapping("sign-in")
-    public ResponseEntity<?> signIn(
+    public ResponseEntity<?> signInGet(
             @RequestParam(value = "idToken", required = true) String idToken,
             @RequestParam(value = "provider", required = true) OAuthProvider provider,
-            @RequestParam(value = "email", required = false) String email)
+            @RequestParam(value = "email", required = false) String email) {
+        return signIn(idToken, provider, email);
+    }
+
+    @PostMapping("sign-in")
+    public ResponseEntity<?> signInPost(@RequestBody OAuthSignInRequestDTO request) {
+        return signIn(request.getIdToken(), request.getProvider(), request.getEmail());
+    }
+
+    private ResponseEntity<?> signIn(String idToken, OAuthProvider provider, String email)
     {
         try {
             Optional<AuthResponseDTO> optionalDTO = oauthService.signInUser(idToken, email, provider);
diff --git a/src/main/java/com/danielagapov/spawn/auth/api/dto/OAuthSignInRequestDTO.java b/src/main/java/com/danielagapov/spawn/auth/api/dto/OAuthSignInRequestDTO.java
new file mode 100644
index 00000000..e27f9d74
--- /dev/null
+++ b/src/main/java/com/danielagapov/spawn/auth/api/dto/OAuthSignInRequestDTO.java
@@ -0,0 +1,15 @@
+package com.danielagapov.spawn.auth.api.dto;
+
+import com.danielagapov.spawn.shared.util.OAuthProvider;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class OAuthSignInRequestDTO {
+    private String idToken;
+    private OAuthProvider provider;
+    private String email;
+}