---
reference:
  curl:
    - url: /reference/workos-connect/standalone/complete
      key: authkit_standalone_complete
      id: authkit_standalone_complete
      title: /authkit/oauth2/complete
      type: POST
      parameters:
        - key: external_auth_id
          type: string
          description: Identifier provided when AuthKit redirected to your login page.
        - key: user
          type: object
          description: Authenticated user information.
          properties:
            - key: id
              type: string
              description: |
                Your application's user identifier, which will be stored as an
                [`external_id`](/authkit/metadata/external-identifiers). Used
                for upserting and deduplication.
            - key: email
              type: string
              description: (user.email)
            - key: first_name
              type: string
              optional: true
              description: (user.first_name)
            - key: last_name
              type: string
              optional: true
              description: (user.last_name)
            - key: metadata
              type: object
              optional: true
              description: (user.metadata)
        - key: user_consent_options
          type: array
          optional: true
          description: >-
            Array of [User Consent
            Options](/reference/workos-connect/standalone/user-consent-options).
      returns:
        - key: redirect_uri
          type: string
          description: URI to redirect the user back to AuthKit to complete the OAuth flow
originalPath: >-
  .tmp-workos-clone/packages/docs/content/reference/workos-connect/standalone/complete.mdx
---

## Complete external authentication

Completes an external authentication flow and returns control to AuthKit. This endpoint is used with [Standalone Connect](/authkit/connect/standalone) to bridge your existing authentication system with the Connect OAuth API infrastructure.

After successfully authenticating a user in your application, calling this endpoint will:

- Create or update the user in AuthKit, using the given `id` as its `external_id`.
- Return a `redirect_uri` your application should redirect to in order for AuthKit to complete the flow

Users are automatically created or updated based on the `id` and `email` provided. If a user with the same `id` exists, their information is updated. Otherwise, a new user is created.

If you provide a new `id` with an `email` that already belongs to an existing user, the request will fail with an error as email addresses are unique to a user.

<CodeBlock referenceId="authkit_standalone_complete">
  <CodeBlockTab title="Request" file="complete-external-auth-request" />
  <CodeBlockTab title="Response" file="complete-external-auth-response" />
</CodeBlock>