get:
  tags: [OAuth]
  summary: OAuth callback handler
  security:
    - {}

  parameters:
    - name: provider
      in: path
      required: true
      schema:
        type: string
        enum: [google, github]

    - name: code
      in: query
      required: true
      description: Authorization code from OAuth provider
      schema:
        type: string
        example: "4/0AX4XfWjYxT5..."

    - name: state
      in: query
      required: false
      description: CSRF protection state parameter
      schema:
        type: string

  responses:
    '302':
      description: Redirect to frontend with tokens
      headers:
        Location:
          description: Frontend URL with tokens or error as query params
          schema:
            type: string
            example: "onasty.local/api/v1/auth/callback?access_token=...&refresh_token=...&error=..."

    '400':
      $ref: '../../components/responses/ErrorResponse.yml'

    '500':
      $ref: '../../components/responses/ErrorResponse.yml'