diff --git a/src/nextjs/server/proxy.ts b/src/nextjs/server/proxy.ts
index c664ad3..dfa63c8 100644
--- a/src/nextjs/server/proxy.ts
+++ b/src/nextjs/server/proxy.ts
@@ -64,7 +64,7 @@ export async function proxyAuthActionToConvex(
 // Do not require auth when refreshing tokens or validating a code since they
 // are steps in the auth flow.
 const fetchActionAuthOptions =
- args.refreshToken !== undefined || args.params?.code !== undefined
+ args.refreshToken !== undefined || args.params?.cvxAuthCode !== undefined
 ? {}
 : { token };
 try {
diff --git a/src/nextjs/server/request.ts b/src/nextjs/server/request.ts
index d96404c..043f24a 100644
--- a/src/nextjs/server/request.ts
+++ b/src/nextjs/server/request.ts
@@ -26,9 +26,9 @@ export async function handleAuthenticationInRequest(
 const refreshTokens = await getRefreshedTokens(verbose);
 // Handle code exchange for OAuth and magic links via server-side redirect
- const code = requestUrl.searchParams.get("cvxAuthCode");
+ const cvxAuthCode = requestUrl.searchParams.get("cvxAuthCode");
 if (
- code &&
+ cvxAuthCode &&
 request.method === "GET" &&
 request.headers.get("accept")?.includes("text/html")
 ) {
@@ -39,7 +39,7 @@ export async function handleAuthenticationInRequest(
 try {
 const result = await fetchAction(
 "auth:signIn" as unknown as SignInAction,
- { params: { code }, verifier },
+ { params: { cvxAuthCode }, verifier },
 );
 if (result.tokens === undefined) {
 throw new Error("Invalid `signIn` action result for code exchange");
diff --git a/src/server/implementation/signIn.ts b/src/server/implementation/signIn.ts
index 66aade0..3dd4b14 100644
--- a/src/server/implementation/signIn.ts
+++ b/src/server/implementation/signIn.ts
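Review bot: In src/nextjs/server/proxy.ts the choice between `{}` and `{ token }` for `fetchActionAuthOptions` now depends on the caller sending `params.cvxAuthCode`, and none of the hunks shown changes the client code that builds those params for the proxy. A caller that still posts `params.code` would be forwarded with `{ token }` and, in `handleEmailAndPhoneProvider` (src/server/implementation/signIn.ts), would not enter the verify branch, so a stale sender appears to fail without a clear error. If the sender is not renamed elsewhere in this commit it needs the same change, and the comment above the condition should name the field it is keyed on, for example `// Keyed on params.cvxAuthCode; must match the field read in signIn.ts`. The body of `proxyAuthActionToConvex` continues outside the hunk.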
@@ -105,7 +105,8 @@ async function handleEmailAndPhoneProvider(
 | { kind: "started"; started: true }
 | { kind: "signedIn"; signedIn: SessionInfoWithTokens }
 > {
- if (args.params?.code !== undefined) {
+ // TODO this this flow
+ if (args.params?.cvxAuthCode !== undefined) {
 const result = await callVerifyCodeAndSignIn(ctx, {
 params: args.params,
 provider: provider.id,
diff --git a/src/server/implementation/types.ts b/src/server/implementation/types.ts
index f637204..40d3617 100644
--- a/src/server/implementation/types.ts
+++ b/src/server/implementation/types.ts
@@ -102,6 +102,7 @@ export const authTables = {
 * - OTP tokens
 * - magic link tokens
 * - OAuth codes
+ * Let's call all of these "cvxAuthCodes" to distinguish them from oauth code= param.
 */
 authVerificationCodes: defineTable({
 accountId: v.id("authAccounts"),
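Review bot: The added comment `// TODO this this flow` in src/server/implementation/signIn.ts does not say what is unfinished, and it sits on the branch that decides whether a submitted verification code is checked at all. Because the condition now tests only `args.params?.cvxAuthCode`, a request that still carries `params.code` presumably falls through to the code after this `if` (outside the hunk), which the return type suggests can answer `started` rather than reject. State the open item explicitly, for example `// TODO: confirm OTP and magic-link sign-in still reach this branch now that the field is cvxAuthCode`. Consider also rejecting a request that has `code` but no `cvxAuthCode` instead of ignoring it, so a half-migrated caller is visible in logs.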