Getting Started

Provider Setup Guide

Step-by-step instructions for configuring each OAuth provider in Authon. For every provider, you will obtain a Client ID and a Client Secret, then paste them into the Providers page of your Authon dashboard.

Redirect / Callback URL pattern:

https://api.authon.dev/v1/auth/oauth/{provider}/callback

Google

Google OAuth 2.0 is configured via Google Cloud Console.

Go to console.cloud.google.com and select or create a project.

In the left menu, navigate to APIs & Services → OAuth consent screen. Choose External and fill in the required fields (App name, support email, developer contact).

Navigate to APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID. Select Web application.

Under Authorized redirect URIs, add the Authon callback URL:

https://api.authon.dev/v1/auth/oauth/google/callback

Click Create. Copy the Client ID and Client Secret from the popup dialog.

Field mapping:

Client ID←OAuth 2.0 Client ID

Client Secret←OAuth 2.0 Client Secret

Requested scopes:

openidemailprofile

GitHub

Configure at github.com/settings/developers.

Go to Settings → Developer settings → OAuth Apps → New OAuth App.

Fill in Application name and Homepage URL (e.g. https://yourapp.com).

Set Authorization callback URL to:

https://api.authon.dev/v1/auth/oauth/github/callback

Click Register application. Then click Generate a new client secret and copy both values.

Field mapping:

Client ID←Client ID

Client Secret←Client Secret

Requested scopes:

read:useruser:email

Apple

Apple Sign In requires a Services ID and a private key for generating a client secret JWT. Configure at developer.apple.com.

In the Apple Developer Portal, go to Certificates, Identifiers & Profiles → Identifiers. Create or select your App ID and enable Sign In with Apple.

Create a new identifier of type Services IDs. Give it a description and a unique Bundle ID (e.g. com.yourapp.web). Enable Sign In with Apple.

Click Configure next to Sign In with Apple. Add your domain and set the Return URL to:

https://api.authon.dev/v1/auth/oauth/apple/callback

Go to Keys → Register a New Key. Enable Sign In with Apple, click Configure, and select your App ID. Download the .p8 private key file and note the Key ID.

Apple requires you to generate a short-lived (6-month max) JWT as the Client Secret. Use the script below. The resulting JWT is your Client Secret.

generate_apple_secret.py

import jwt, time

TEAM_ID     = "YOUR_TEAM_ID"        # 10-char Team ID from Apple Developer
KEY_ID      = "YOUR_KEY_ID"         # Key ID from the downloaded key
CLIENT_ID   = "com.yourapp.web"     # Your Services ID Bundle ID
KEY_FILE    = "AuthKey_XXXXXX.p8"   # Path to the .p8 private key

with open(KEY_FILE, "r") as f:
    private_key = f.read()

payload = {
    "iss": TEAM_ID,
    "iat": int(time.time()),
    "exp": int(time.time()) + 86400 * 180,  # 180 days
    "aud": "https://appleid.apple.com",
    "sub": CLIENT_ID,
}

client_secret = jwt.encode(payload, private_key, algorithm="ES256", headers={"kid": KEY_ID})
print(client_secret)

Or use this tool to generate the JWT directly in your browser — nothing is sent to any server:

Apple Client Secret Generatorruns in your browser — nothing is sent to any server

Team ID

Key ID

Services ID

Expiry

Private Key (.p8)Upload file

Note: Apple client secrets expire after a maximum of 6 months. You will need to regenerate and update the secret in your Authon dashboard before it expires.

Field mapping:

Client ID←Services ID Bundle ID (e.g. com.yourapp.web)

Client Secret←Generated JWT string (from the script above)

Facebook

Configure via Meta Developers.

Go to developers.facebook.com → My Apps → Create App. Choose Consumer or Business as the app type.

After creating the app, find Facebook Login in the product list and click Set Up.

Go to Facebook Login → Settings. Under Valid OAuth Redirect URIs, add:

https://api.authon.dev/v1/auth/oauth/facebook/callback

Go to App Settings → Basic. Copy the App ID and App Secret.

To allow users other than yourself to sign in, switch the app from Development to Live mode using the toggle at the top.

Field mapping:

Client ID←App ID

Client Secret←App Secret

Requested scopes:

public_profileemail

Instagram

Instagram OAuth uses the Instagram Basic Display API (or the newer Instagram Graph API), which is also managed through Meta Developers.

Go to developers.facebook.com → My Apps → Create App. Select Consumer.

In the app dashboard, find Instagram Basic Display and click Set Up. Then go to Instagram Basic Display → Basic Display.

Under Valid OAuth Redirect URIs, add:

https://api.authon.dev/v1/auth/oauth/instagram/callback

Add a test user under Roles → Instagram Test Users to test during development.

From Instagram Basic Display → Basic Display, copy the Instagram App ID and Instagram App Secret.

Field mapping:

Client ID←Instagram App ID

Client Secret←Instagram App Secret

Requested scopes:

user_profileuser_media

Microsoft

Configure via Azure Portal.

Go to portal.azure.com → Azure Active Directory (or Microsoft Entra ID) → App registrations → New registration.

Enter a name, select Accounts in any organizational directory and personal Microsoft accounts for the broadest compatibility.

Under Redirect URI, choose Web and enter:

https://api.authon.dev/v1/auth/oauth/microsoft/callback

Click Register. Copy the Application (client) ID from the overview page.

Go to Certificates & secrets → Client secrets → New client secret. Copy the Value immediately (it is only shown once).

Field mapping:

Client ID←Application (client) ID

Client Secret←Client secret Value

Requested scopes:

openidemailprofileUser.Read

Discord

Configure via discord.com/developers.

Go to the Developer Portal → New Application. Give it a name and confirm.

In the left sidebar, go to OAuth2. Under Redirects, click Add Redirect and enter:

https://api.authon.dev/v1/auth/oauth/discord/callback

Stay on the OAuth2 page. Copy the Client ID. Click Reset Secret and copy the new Client Secret.

Field mapping:

Client ID←Client ID

Client Secret←Client Secret

Requested scopes:

identifyemail

X (Twitter)

Authon uses OAuth 2.0 with PKCE. Configure via developer.twitter.com.

Go to the Developer Portal → Projects & Apps → select or create a project → Add App.

Under App Settings → Authentication settings, enable OAuth 2.0. Set App type to Web App.

Set the Callback URI to:

https://api.authon.dev/v1/auth/oauth/twitter/callback

Copy the Client ID and Client Secret from the Keys and tokens tab.

Note: Twitter / X OAuth 2.0 requires a Developer Account with Elevated access for the email scope. Without it, only users.read and tweet.read are available.

Field mapping:

Client ID←OAuth 2.0 Client ID

Client Secret←OAuth 2.0 Client Secret

Requested scopes:

users.readtweet.readoffline.access

Configure via linkedin.com/developers.

Go to linkedin.com/developers/apps → Create App. Fill in the app name, LinkedIn Page, and logo.

Go to the Auth tab. Under Authorized redirect URLs for your app, add:

https://api.authon.dev/v1/auth/oauth/linkedin/callback

Copy the Client ID and Client Secret from the same Auth tab.

Go to the Products tab and request access to Sign In with LinkedIn using OpenID Connect.

Field mapping:

Client ID←Client ID

Client Secret←Client Secret

Requested scopes:

openidprofileemail

Slack

Configure via api.slack.com/apps.

Go to api.slack.com/apps → Create New App → From scratch. Choose a workspace for development.

In the left sidebar, go to OAuth & Permissions. Under Redirect URLs, click Add New Redirect URL and enter:

https://api.authon.dev/v1/auth/oauth/slack/callback

Under Scopes → User Token Scopes, add the required scopes.

Go to Basic Information. Copy the Client ID and Client Secret under App Credentials.

Field mapping:

Client ID←Client ID

Client Secret←Client Secret

Requested scopes:

openidemailprofile

Twitch

Configure via dev.twitch.tv/console.

Go to dev.twitch.tv/console → Applications → Register Your Application.

Set the OAuth Redirect URL to:

https://api.authon.dev/v1/auth/oauth/twitch/callback

Set the Category to Website Integration. Click Create.

Click Manage on your app. Copy the Client ID. Click New Secret and copy the Client Secret.

Field mapping:

Client ID←Client ID

Client Secret←Client Secret

Requested scopes:

openiduser:read:email

LINE

Configure via developers.line.biz.

Go to developers.line.biz → Providers → select or create a provider → Create a new channel → choose LINE Login.

Fill in the channel name, description, and app type (Web app).

Go to the LINE Login tab. Under Callback URL, add:

https://api.authon.dev/v1/auth/oauth/line/callback

Go to the Basic settings tab. Copy the Channel ID and Channel secret.

Field mapping:

Client ID←Channel ID

Client Secret←Channel secret

Requested scopes:

profileopenidemail

Kakao

Configure via developers.kakao.com.

Go to developers.kakao.com → My Application → Add Application. Enter an app name and company name.

In the app dashboard, go to Kakao Login → Activate. Under Redirect URI, add:

https://api.authon.dev/v1/auth/oauth/kakao/callback

Go to App Keys. Copy the REST API Key — this is your Client ID.

To enable a Client Secret, go to Kakao Login → Security → enable Client Secret and copy the generated secret value.

Note: The Kakao Client Secret is optional but strongly recommended for production. Without it, the Client ID alone is used for token exchange, which is less secure.

Under Kakao Login → Consent items, activate Nickname, Profile picture, and Kakao account (email).

Field mapping:

Client ID←REST API Key

Client Secret←Client Secret code (optional but recommended)

Requested scopes:

profile_nicknameprofile_imageaccount_email

Naver

Configure via developers.naver.com.

Go to developers.naver.com/apps/#/register. Log in with your Naver account and click 애플리케이션 등록 (Register Application).

Enter the application name. Under 사용 API, select 네이버 로그인 (Naver Login) and choose the permission items: Name, Email, Profile image, Mobile.

Under 서비스 URL, enter your app's homepage URL. Under Callback URL, add:

https://api.authon.dev/v1/auth/oauth/naver/callback

After registering, go to the app's 개요 (Overview) tab. Copy the Client ID and Client Secret.

Field mapping:

Client ID←Client ID

Client Secret←Client Secret

Spotify

Configure via developer.spotify.com/dashboard.

Go to developer.spotify.com/dashboard → Create App. Fill in the app name, description, and website URL.

Under Redirect URIs, add:

https://api.authon.dev/v1/auth/oauth/spotify/callback

Check Web API and Web Playback SDK if needed. Click Save.

In the app dashboard, click Settings. Copy the Client ID and click View client secret to copy the Client Secret.

Field mapping:

Client ID←Client ID

Client Secret←Client Secret

Requested scopes:

user-read-emailuser-read-private

TikTok

Configure via developers.tiktok.com.

Go to developers.tiktok.com/apps → Create App. Provide the app name and description.

Under the Login Kit product section, enable it and add the redirect URI:

https://api.authon.dev/v1/auth/oauth/tiktok/callback

Under Scopes, enable user.info.basic and user.info.email.

Copy the Client Key (used as Client ID) and Client Secret from the app detail page.

Note: TikTok uses the term "Client Key" instead of "Client ID". Paste the Client Key into the Client ID field in Authon.

Field mapping:

Client ID←Client Key

Client Secret←Client Secret

Requested scopes:

user.info.basicuser.info.email

GitLab

GitLab supports OAuth 2.0 and can be configured at either gitlab.com or a self-hosted GitLab instance.

On GitLab, go to your avatar → Edit profile → Applications (in the left sidebar).

Fill in the Name. Under Redirect URI, add:

https://api.authon.dev/v1/auth/oauth/gitlab/callback

Under Scopes, check read_user and email.

Click Save application. Copy the Application ID and the Secret.

Field mapping:

Client ID←Application ID

Client Secret←Secret

Requested scopes:

read_useremailopenidprofile

Bitbucket

Configure via Bitbucket Workspace settings at bitbucket.org.

Go to Workspace Settings (click your avatar → select a workspace → Settings) → OAuth consumers → Add consumer.

Fill in the Name and Callback URL:

https://api.authon.dev/v1/auth/oauth/bitbucket/callback

Under Permissions, check Account → Read and Email → Read.

Click Save. Expand the consumer to view the Key (Client ID) and Secret (Client Secret).

Field mapping:

Client ID←Key

Client Secret←Secret

Notion

Configure via notion.so/my-integrations.

Go to notion.so/my-integrations → New integration.

Enter an Integration name, select a workspace, and choose Public integration type.

In the OAuth Domain & URIs section, add the redirect URI:

https://api.authon.dev/v1/auth/oauth/notion/callback

After creating the integration, go to its settings page and click Show next to the Client Secret to reveal it. Copy the OAuth client ID and OAuth client secret.

Note: Notion OAuth only grants access to pages and databases the user explicitly selects during the authorization flow. The user.email capability must be enabled in the integration settings to retrieve the user's email address.

Field mapping:

Client ID←OAuth client ID

Client Secret←OAuth client secret