Skip to Content
GuidesAuthenticationSocial Login

Social Login

Auris supports nine social identity providers out of the box. When social login is enabled for a provider, the corresponding login button appears automatically on the hosted login page — no frontend code changes required.

Social login uses the same OAuth2 Authorization Code + PKCE flow as Hosted Login. Your application SDK configuration does not change — only the Console configuration for each provider is needed.

Supported providers: Google, GitHub, Microsoft, Apple, Facebook, Discord, LinkedIn, Twitter/X, Slack


Console Setup

Open Social Providers settings

In the Auris Console, navigate to AuthenticationSocial Providers.

Enable a provider

Click the toggle next to the provider you want to enable. This reveals the configuration fields.

Configure Client ID and Client Secret

Enter the OAuth application credentials obtained from the provider’s developer portal (see provider-specific instructions below).

Save and test

Click Save. The provider button appears on the hosted login page immediately. Use the Test button to verify the configuration before releasing to users.

You do not need to modify your SDK initialization or redirect configuration when adding social providers. The hosted login page handles the provider-specific OAuth flows internally.


Provider Setup Instructions

Google

  1. Go to Google Cloud Console APIs & ServicesCredentials
  2. Click Create CredentialsOAuth 2.0 Client ID
  3. Set application type to Web application
  4. Add https://auth.yourdomain.com/api/auth/social/google/callback to Authorized redirect URIs
  5. Copy the Client ID and Client Secret into the Auris Console

Ensure the Google People API is enabled in your Google Cloud project.

GitHub

  1. Go to GitHub Developer Settings OAuth AppsNew OAuth App
  2. Set Authorization callback URL to https://auth.yourdomain.com/api/auth/social/github/callback
  3. Copy the Client ID and generate a Client Secret

Microsoft

  1. Go to Azure Portal Azure Active DirectoryApp registrationsNew registration
  2. Set the redirect URI to https://auth.yourdomain.com/api/auth/social/microsoft/callback
  3. Under Certificates & secrets, create a new client secret
  4. Copy Application (client) ID and the secret value

To allow login from any Microsoft tenant (not just your own), select Accounts in any organizational directory and personal Microsoft accounts during app registration.

Apple

  1. Go to Apple Developer Portal Certificates, Identifiers & ProfilesIdentifiers
  2. Create a new Services ID and enable Sign in with Apple
  3. Configure the redirect URL: https://auth.yourdomain.com/api/auth/social/apple/callback
  4. Download the private key (.p8 file) from Keys
  5. In Auris Console, enter your Team ID, Key ID, Services ID (client ID), and the private key contents

Apple requires a verified domain and a real HTTPS URL for the redirect URI. Localhost does not work with Apple Sign In in production mode.

Facebook

  1. Go to Meta for Developers My AppsCreate App
  2. Choose Consumer as the app type and add the Facebook Login product
  3. Set Valid OAuth Redirect URIs to https://auth.yourdomain.com/api/auth/social/facebook/callback
  4. Copy the App ID and App Secret from the app dashboard

Ensure your Facebook app is in Live mode to allow users outside your developer team to authenticate.

Discord

  1. Go to Discord Developer Portal New Application
  2. Navigate to OAuth2Redirects and add https://auth.yourdomain.com/api/auth/social/discord/callback
  3. Copy the Client ID and Client Secret

LinkedIn

  1. Go to LinkedIn Developer Portal Create App
  2. Under Auth, add https://auth.yourdomain.com/api/auth/social/linkedin/callback to Authorized redirect URLs
  3. Request the openid, profile, and email OAuth scopes
  4. Copy the Client ID and Client Secret

Twitter / X

  1. Go to X Developer Portal Projects & AppsCreate App
  2. Enable OAuth 2.0 under User authentication settings
  3. Set the callback URL to https://auth.yourdomain.com/api/auth/social/twitter/callback
  4. Set app permissions to Read (for basic profile access)
  5. Copy the Client ID and Client Secret

Twitter/X uses OAuth 2.0 with PKCE natively. Auris handles this transparently.

Slack

  1. Go to Slack API Create New AppFrom scratch
  2. Under OAuth & Permissions, add https://auth.yourdomain.com/api/auth/social/slack/callback to Redirect URLs
  3. Request scopes: openid, profile, email
  4. Under Basic Information, copy the Client ID and Client Secret

SDK Usage

When using the Auris SDKs, you can trigger a specific social provider directly — bypassing the hosted login page’s provider selection screen:

import { useAuris } from '@auris/react' function SocialLoginButtons() { const { loginWithSocial } = useAuris() return ( <div> <button onClick={() => loginWithSocial('google')}> Continue with Google </button> <button onClick={() => loginWithSocial('github')}> Continue with GitHub </button> <button onClick={() => loginWithSocial('microsoft')}> Continue with Microsoft </button> </div> ) }

Account Linking

When a user authenticates via a social provider using an email address that already exists in Auris, the social identity is automatically linked to the existing account. The user does not create a duplicate account.

This means a user can:

  • Create an account with email/password
  • Later log in with Google (same email) — and land in the same account
  • Log in with either method going forward

To disable automatic linking: Set allowAccountLinking: false in Console → Authentication → Social Providers → Advanced. When disabled, a second account is created for the social identity, or an error is returned if your tenant configuration prevents duplicate emails.


User Profile Data

The following fields are populated from social provider profiles on first login, and optionally refreshed on subsequent logins:

FieldGoogleGitHubMicrosoftAppleOthers
EmailYesYes (if public)YesYesVaries
First NameYesNoYesYes (first time only)Varies
Last NameYesNoYesYes (first time only)Varies
Avatar URLYesYesYesNoVaries
UsernameNoYes (login)NoNoVaries

Apple only provides the user’s name on the very first login. Subsequent logins from Apple do not resend name data. Auris stores the name from the first login and uses it on all subsequent sessions.


Hosted Login Page Integration

When social providers are enabled in the Console, their login buttons appear automatically on the Auris hosted login page. No changes to your application code are required. The buttons are styled to match the provider’s brand guidelines.

To customize button order or disable specific providers from the hosted page (while keeping the SDK loginWithSocial() method available), use Console → Branding → Login Page → Social Provider Display Order.


  • Hosted Login (PKCE) — The underlying OAuth2 flow used for social login
  • Magic Links — Passwordless email as an alternative to social login
  • Enterprise SSO — SAML 2.0 and OIDC federation for corporate identity providers