# NylasConnect.callback()

Source: https://developer.nylas.com/docs/v3/auth/nylas-connect/nylasconnect-class/callback-methods/nylasconnect-callback/

`NylasConnect.callback()` is a callback handler that works for both [pop-up](/docs/v3/auth/nylas-connect/#set-up-basic-authentication-using-pop-up-flow) and [inline](/docs/v3/auth/nylas-connect/#set-up-basic-authentication-using-inline-flow) authentication flows. This is the recommended method when handling OAuth callbacks on your backend.

## Usage

```ts [usage-Frontend (browser)]
// In the browser, automatically uses window.location
const result = await nylasConnect.callback();
```

```ts [usage-Backend (required)]
// On the backend, you MUST pass the full callback URL
const callbackUrl = `${req.protocol}://${req.get("host")}${req.originalUrl}`;
const result = await nylasConnect.callback(callbackUrl);
```

The `url` parameter is **optional in the browser** (defaults to `window.location`) but **required on the backend** since there's no `window` object available.

## When to use on backend

Use `callback(url)` on your backend when:

- You want to handle OAuth code exchange with `client_secret` (more secure than PKCE)
- You need to store tokens on the backend, not in the browser
- You want to link grants to users securely using a state parameter
- You're making Nylas API calls from the backend using your API key

See the [backend-handled OAuth flow guide](/docs/v3/auth/nylas-connect/#backend-handled-oauth-without-idp) for a complete example.

## Parameters

| Property | Type    | Description                                                                                         |
| -------- | ------- | --------------------------------------------------------------------------------------------------- |
| `url`    | string? | The callback URL to process. Optional in browser (uses `window.location`). **Required on backend.** |

## Return value

The `callback()` method returns a `Promise<ConnectResult>` with the following properties.

| Property      | Type                       | Description                                                                         |
| ------------- | -------------------------- | ----------------------------------------------------------------------------------- |
| `accessToken` | string                     | The access token associated with the user's grant.                                  |
| `expiresAt`   | number                     | When the access token will expire, in milliseconds using the Unix timestamp format. |
| `grantId`     | string                     | A unique identifier for the user's grant.                                           |
| `grantInfo`   | [`GrantInfo?`](#grantinfo) | Optional grant information from the `idToken`.                                      |
| `idToken`     | string                     | An ID token containing information about the user.                                  |
| `scope`       | string                     | A space-delimited list of scopes associated with the user's grant.                  |

### `GrantInfo`

| Property        | Type     | Description                                                            |
| --------------- | -------- | ---------------------------------------------------------------------- |
| `email`         | string   | The email address associated with the grant.                           |
| `emailVerified` | boolean? | When `true`, indicates that the user has verified their email address. |
| `familyName`    | string?  | The user's surname (last name).                                        |
| `givenName`     | string?  | The user's given (first) name.                                         |
| `id`            | string   | A unique identifier for the user's grant.                              |
| `name`          | string?  | The user's display name.                                               |
| `picture`       | string?  | A URL that links to the user's profile picture.                        |
| `provider`      | string   | The OAuth provider that the user authenticated with.                   |