Social Login
Auris supports nine social identity providers out of the box. When social login is enabled for a provider, the corresponding login button appears automatically on the hosted login page — no frontend code changes required.
Social login uses the same OAuth2 Authorization Code + PKCE flow as Hosted Login. Your application SDK configuration does not change — only the Console configuration for each provider is needed.
Supported providers: Google, GitHub, Microsoft, Apple, Facebook, Discord, LinkedIn, Twitter/X, Slack
Console Setup
Open Social Providers settings
In the Auris Console, navigate to Authentication → Social Providers.
Enable a provider
Click the toggle next to the provider you want to enable. This reveals the configuration fields.
Configure Client ID and Client Secret
Enter the OAuth application credentials obtained from the provider’s developer portal (see provider-specific instructions below).
Save and test
Click Save. The provider button appears on the hosted login page immediately. Use the Test button to verify the configuration before releasing to users.
You do not need to modify your SDK initialization or redirect configuration when adding social providers. The hosted login page handles the provider-specific OAuth flows internally.
Provider Setup Instructions
- Go to Google Cloud Console → APIs & Services → Credentials
- Click Create Credentials → OAuth 2.0 Client ID
- Set application type to Web application
- Add
https://auth.yourdomain.com/api/auth/social/google/callbackto Authorized redirect URIs - Copy the Client ID and Client Secret into the Auris Console
Ensure the Google People API is enabled in your Google Cloud project.
GitHub
- Go to GitHub Developer Settings → OAuth Apps → New OAuth App
- Set Authorization callback URL to
https://auth.yourdomain.com/api/auth/social/github/callback - Copy the Client ID and generate a Client Secret
Microsoft
- Go to Azure Portal → Azure Active Directory → App registrations → New registration
- Set the redirect URI to
https://auth.yourdomain.com/api/auth/social/microsoft/callback - Under Certificates & secrets, create a new client secret
- Copy Application (client) ID and the secret value
To allow login from any Microsoft tenant (not just your own), select Accounts in any organizational directory and personal Microsoft accounts during app registration.
Apple
- Go to Apple Developer Portal → Certificates, Identifiers & Profiles → Identifiers
- Create a new Services ID and enable Sign in with Apple
- Configure the redirect URL:
https://auth.yourdomain.com/api/auth/social/apple/callback - Download the private key (.p8 file) from Keys
- In Auris Console, enter your Team ID, Key ID, Services ID (client ID), and the private key contents
Apple requires a verified domain and a real HTTPS URL for the redirect URI. Localhost does not work with Apple Sign In in production mode.
- Go to Meta for Developers → My Apps → Create App
- Choose Consumer as the app type and add the Facebook Login product
- Set Valid OAuth Redirect URIs to
https://auth.yourdomain.com/api/auth/social/facebook/callback - Copy the App ID and App Secret from the app dashboard
Ensure your Facebook app is in Live mode to allow users outside your developer team to authenticate.
Discord
- Go to Discord Developer Portal → New Application
- Navigate to OAuth2 → Redirects and add
https://auth.yourdomain.com/api/auth/social/discord/callback - Copy the Client ID and Client Secret
- Go to LinkedIn Developer Portal → Create App
- Under Auth, add
https://auth.yourdomain.com/api/auth/social/linkedin/callbackto Authorized redirect URLs - Request the
openid,profile, andemailOAuth scopes - Copy the Client ID and Client Secret
Twitter / X
- Go to X Developer Portal → Projects & Apps → Create App
- Enable OAuth 2.0 under User authentication settings
- Set the callback URL to
https://auth.yourdomain.com/api/auth/social/twitter/callback - Set app permissions to Read (for basic profile access)
- Copy the Client ID and Client Secret
Twitter/X uses OAuth 2.0 with PKCE natively. Auris handles this transparently.
Slack
- Go to Slack API → Create New App → From scratch
- Under OAuth & Permissions, add
https://auth.yourdomain.com/api/auth/social/slack/callbackto Redirect URLs - Request scopes:
openid,profile,email - Under Basic Information, copy the Client ID and Client Secret
SDK Usage
When using the Auris SDKs, you can trigger a specific social provider directly — bypassing the hosted login page’s provider selection screen:
React
import { useAuris } from '@auris/react'
function SocialLoginButtons() {
const { loginWithSocial } = useAuris()
return (
<div>
<button onClick={() => loginWithSocial('google')}>
Continue with Google
</button>
<button onClick={() => loginWithSocial('github')}>
Continue with GitHub
</button>
<button onClick={() => loginWithSocial('microsoft')}>
Continue with Microsoft
</button>
</div>
)
}Account Linking
When a user authenticates via a social provider using an email address that already exists in Auris, the social identity is automatically linked to the existing account. The user does not create a duplicate account.
This means a user can:
- Create an account with email/password
- Later log in with Google (same email) — and land in the same account
- Log in with either method going forward
To disable automatic linking: Set allowAccountLinking: false in Console → Authentication → Social Providers → Advanced. When disabled, a second account is created for the social identity, or an error is returned if your tenant configuration prevents duplicate emails.
User Profile Data
The following fields are populated from social provider profiles on first login, and optionally refreshed on subsequent logins:
| Field | GitHub | Microsoft | Apple | Others | |
|---|---|---|---|---|---|
| Yes | Yes (if public) | Yes | Yes | Varies | |
| First Name | Yes | No | Yes | Yes (first time only) | Varies |
| Last Name | Yes | No | Yes | Yes (first time only) | Varies |
| Avatar URL | Yes | Yes | Yes | No | Varies |
| Username | No | Yes (login) | No | No | Varies |
Apple only provides the user’s name on the very first login. Subsequent logins from Apple do not resend name data. Auris stores the name from the first login and uses it on all subsequent sessions.
Hosted Login Page Integration
When social providers are enabled in the Console, their login buttons appear automatically on the Auris hosted login page. No changes to your application code are required. The buttons are styled to match the provider’s brand guidelines.
To customize button order or disable specific providers from the hosted page (while keeping the SDK loginWithSocial() method available), use Console → Branding → Login Page → Social Provider Display Order.
Related Guides
- Hosted Login (PKCE) — The underlying OAuth2 flow used for social login
- Magic Links — Passwordless email as an alternative to social login
- Enterprise SSO — SAML 2.0 and OIDC federation for corporate identity providers