
Social Authentication (OAuth)

Ever Gauzy supports social login via OAuth 2.0 with multiple providers. This allows users to sign in using their existing accounts.

Supported Providers

| Provider | Strategy | Environment Variable Prefix |
|---|---|---|
| Google | passport-google-oauth20 | GOOGLE_ |
| GitHub | passport-github2 | GITHUB_ |
| Facebook | passport-facebook | FACEBOOK_ |
| Twitter | passport-twitter | TWITTER_ |
| LinkedIn | passport-linkedin-oauth2 | LINKEDIN_ |
| Microsoft | passport-microsoft | MICROSOFT_ |

OAuth Flow

Configuration

Google OAuth

  1. Go to Google Cloud Console
  2. Create/select a project
  3. Navigate to APIs & Services → Credentials
  4. Create OAuth 2.0 Client ID
  5. Add authorized redirect URIs: http://localhost:3000/api/auth/google/callback

# .env
GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_CALLBACK_URL=http://localhost:3000/api/auth/google/callback

GitHub OAuth

  1. Go to GitHub Developer Settings
  2. Create a new OAuth App
  3. Set callback URL: http://localhost:3000/api/auth/github/callback

# .env
GAUZY_GITHUB_OAUTH_CLIENT_ID=your-github-client-id
GAUZY_GITHUB_OAUTH_CLIENT_SECRET=your-github-client-secret
GAUZY_GITHUB_OAUTH_CALLBACK_URL=http://localhost:3000/api/auth/github/callback

Facebook OAuth

  1. Go to Facebook Developers
  2. Create a new app
  3. Add the Facebook Login product
  4. Set redirect URI: http://localhost:3000/api/auth/facebook/callback

# .env
FACEBOOK_CLIENT_ID=your-facebook-app-id
FACEBOOK_CLIENT_SECRET=your-facebook-app-secret
FACEBOOK_CALLBACK_URL=http://localhost:3000/api/auth/facebook/callback
FACEBOOK_GRAPH_VERSION=v6.0

Twitter OAuth

# .env
TWITTER_CLIENT_ID=your-twitter-api-key
TWITTER_CLIENT_SECRET=your-twitter-api-secret
TWITTER_CALLBACK_URL=http://localhost:3000/api/auth/twitter/callback

LinkedIn OAuth

# .env
LINKEDIN_CLIENT_ID=your-linkedin-client-id
LINKEDIN_CLIENT_SECRET=your-linkedin-client-secret
LINKEDIN_CALLBACK_URL=http://localhost:3000/api/auth/linkedin/callback

Microsoft OAuth

# .env
MICROSOFT_CLIENT_ID=your-microsoft-app-id
MICROSOFT_CLIENT_SECRET=your-microsoft-client-secret
MICROSOFT_CALLBACK_URL=http://localhost:3000/api/auth/microsoft/callback
MICROSOFT_RESOURCE=https://graph.microsoft.com
MICROSOFT_TENANT=common

Feature Flags

Each social login provider can be enabled or disabled with a feature flag:

# .env
FEATURE_SOCIAL_LOGIN_GOOGLE=true
FEATURE_SOCIAL_LOGIN_GITHUB=true
FEATURE_SOCIAL_LOGIN_FACEBOOK=true
FEATURE_SOCIAL_LOGIN_TWITTER=false
FEATURE_SOCIAL_LOGIN_LINKEDIN=true
FEATURE_SOCIAL_LOGIN_MICROSOFT=true

User Linking

New User

If no account exists with the OAuth email:

  1. A new User record is created
  2. Profile picture from provider is stored
  3. User is sent to the onboarding flow (create tenant)
  4. JWT tokens are issued

Existing User

If an account with the OAuth email already exists:

  1. The OAuth profile is linked to the existing user
  2. JWT tokens are issued
  3. User is redirected to the dashboard

Callback URL Pattern

All callback URLs follow the pattern:

{API_BASE_URL}/api/auth/{provider}/callback

| Environment | Example |
|---|---|
| Local | http://localhost:3000/api/auth/google/callback |
| Production | https://api.gauzy.co/api/auth/google/callback |

Important: Make sure the callback URLs in your provider console exactly match the URLs configured in .env.
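
A consistency check for the settings above, as an added example rather than Ever Gauzy code: for each provider enabled by feature flag it verifies that the client ID and secret are set and that the callback URL equals the documented pattern exactly. The function name, the apiBaseUrl parameter and the sample values are assumptions made for illustration; the variable names come from the .env samples on this page.

```typescript
// Added example, not Ever Gauzy code. Variable names are those in the .env samples on this page.
type Env = { [key: string]: string | undefined };
// name = {provider} path segment; prefix = variable prefix used by that provider's .env sample.
const PROVIDERS: { name: string; prefix: string }[] = [
  { name: 'google', prefix: 'GOOGLE_' },
  { name: 'github', prefix: 'GAUZY_GITHUB_OAUTH_' },
  { name: 'facebook', prefix: 'FACEBOOK_' },
  { name: 'twitter', prefix: 'TWITTER_' },
  { name: 'linkedin', prefix: 'LINKEDIN_' },
  { name: 'microsoft', prefix: 'MICROSOFT_' },
];

// Returns one message per problem; an empty array means every enabled provider is consistent.
function checkSocialLoginEnv(env: Env, apiBaseUrl: string): string[] {
  const problems: string[] = [];
  const base = apiBaseUrl.replace(/\/+$/, ''); // tolerate a trailing slash on the base URL
  const isLocal = /^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/.test(base);
  for (let i = 0; i < PROVIDERS.length; i++) {
    const p = PROVIDERS[i];
    if (env['FEATURE_SOCIAL_LOGIN_' + p.name.toUpperCase()] !== 'true') continue; // disabled
    const keys = ['CLIENT_ID', 'CLIENT_SECRET'];
    for (let k = 0; k < keys.length; k++) {
      const value = env[p.prefix + keys[k]];
      if (!value || value.indexOf('your-') === 0) { // "your-..." is the sample placeholder
        problems.push(p.name + ': ' + keys[k] + ' is missing or still a placeholder');
      }
    }
    const expected = base + '/api/auth/' + p.name + '/callback';
    const actual = env[p.prefix + 'CALLBACK_URL'];
    if (actual !== expected) { // exact match: a trailing slash or other host is a mismatch
      problems.push(p.name + ': CALLBACK_URL is "' + actual + '", expected "' + expected + '"');
    } else if (!isLocal && expected.indexOf('https://') !== 0) {
      problems.push(p.name + ': callback URL is not HTTPS outside local development');
    }
  }
  return problems;
}

// Constructed sample input (not real credentials): Google is consistent, GitHub has two faults.
const SAMPLE_ENV: Env = {
  FEATURE_SOCIAL_LOGIN_GOOGLE: 'true',
  GOOGLE_CLIENT_ID: '1234.apps.googleusercontent.com',
  GOOGLE_CLIENT_SECRET: 'constructed-secret',
  GOOGLE_CALLBACK_URL: 'http://localhost:3000/api/auth/google/callback',
  FEATURE_SOCIAL_LOGIN_GITHUB: 'true',
  GAUZY_GITHUB_OAUTH_CLIENT_ID: 'constructed-id',
  GAUZY_GITHUB_OAUTH_CLIENT_SECRET: 'your-github-client-secret',
  GAUZY_GITHUB_OAUTH_CALLBACK_URL: 'http://localhost:3000/api/auth/github/callback/',
};
```

Running the check at startup against the same values registered in each provider console catches a mismatch before the first login attempt fails.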

Frontend Integration

The frontend triggers social login by navigating to the provider endpoint:

// In Angular component
loginWithGoogle(): void {
  window.location.href = `${environment.apiBaseUrl}/api/auth/google`;
}

After successful authentication, the server redirects back to the frontend with JWT tokens as query parameters.