Social Authentication (OAuth)
Ever Gauzy supports social login via OAuth 2.0 with multiple providers. This allows users to sign in using their existing accounts.
Supported Providers
| Provider | Strategy | Environment Variable Prefix |
|---|---|---|
passport-google-oauth20 | GOOGLE_ | |
| GitHub | passport-github2 | GITHUB_ |
passport-facebook | FACEBOOK_ | |
passport-twitter | TWITTER_ | |
passport-linkedin-oauth2 | LINKEDIN_ | |
| Microsoft | passport-microsoft | MICROSOFT_ |
OAuth Flow
Configuration
Google OAuth
- Go to Google Cloud Console
- Create/select a project
- Navigate to APIs & Services → Credentials
- Create OAuth 2.0 Client ID
- Add authorized redirect URIs:
http://localhost:3000/api/auth/google/callback
# .env
GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_CALLBACK_URL=http://localhost:3000/api/auth/google/callback
GitHub OAuth
- Go to GitHub Developer Settings
- Create a new OAuth App
- Set callback URL:
http://localhost:3000/api/auth/github/callback
# .env
GAUZY_GITHUB_OAUTH_CLIENT_ID=your-github-client-id
GAUZY_GITHUB_OAUTH_CLIENT_SECRET=your-github-client-secret
GAUZY_GITHUB_OAUTH_CALLBACK_URL=http://localhost:3000/api/auth/github/callback
Facebook OAuth
- Go to Facebook Developers
- Create a new app
- Add the Facebook Login product
- Set redirect URI:
http://localhost:3000/api/auth/facebook/callback
# .env
FACEBOOK_CLIENT_ID=your-facebook-app-id
FACEBOOK_CLIENT_SECRET=your-facebook-app-secret
FACEBOOK_CALLBACK_URL=http://localhost:3000/api/auth/facebook/callback
FACEBOOK_GRAPH_VERSION=v6.0
Twitter OAuth
# .env
TWITTER_CLIENT_ID=your-twitter-api-key
TWITTER_CLIENT_SECRET=your-twitter-api-secret
TWITTER_CALLBACK_URL=http://localhost:3000/api/auth/twitter/callback
LinkedIn OAuth
# .env
LINKEDIN_CLIENT_ID=your-linkedin-client-id
LINKEDIN_CLIENT_SECRET=your-linkedin-client-secret
LINKEDIN_CALLBACK_URL=http://localhost:3000/api/auth/linkedin/callback
Microsoft OAuth
# .env
MICROSOFT_CLIENT_ID=your-microsoft-app-id
MICROSOFT_CLIENT_SECRET=your-microsoft-client-secret
MICROSOFT_CALLBACK_URL=http://localhost:3000/api/auth/microsoft/callback
MICROSOFT_RESOURCE=https://graph.microsoft.com
MICROSOFT_TENANT=common
Feature Flags
Social login providers can be enabled/disabled:
# .env
FEATURE_SOCIAL_LOGIN_GOOGLE=true
FEATURE_SOCIAL_LOGIN_GITHUB=true
FEATURE_SOCIAL_LOGIN_FACEBOOK=true
FEATURE_SOCIAL_LOGIN_TWITTER=false
FEATURE_SOCIAL_LOGIN_LINKEDIN=true
FEATURE_SOCIAL_LOGIN_MICROSOFT=true
User Linking
New User
If no account exists with the OAuth email:
- A new User record is created
- Profile picture from provider is stored
- User is sent to the onboarding flow (create tenant)
- JWT tokens are issued
Existing User
If an account with the OAuth email already exists:
- The OAuth profile is linked to the existing user
- JWT tokens are issued
- User is redirected to the dashboard
Callback URL Pattern
All callback URLs follow the pattern:
{API_BASE_URL}/api/auth/{provider}/callback
| Environment | Example |
|---|---|
| Local | http://localhost:3000/api/auth/google/callback |
| Production | https://api.gauzy.co/api/auth/google/callback |
important
Make sure the callback URLs in your provider console exactly match the URLs configured in .env.
Frontend Integration
The frontend triggers social login by navigating to the provider endpoint:
// In Angular component
loginWithGoogle(): void {
window.location.href = `${environment.apiBaseUrl}/api/auth/google`;
}
After successful authentication, the server redirects back to the frontend with JWT tokens as query parameters.
Related Pages
- Auth Overview — authentication architecture
- JWT Authentication — token management
- Configuration — all environment variables