Getting Started
Provider Setup Guide
Step-by-step instructions for configuring each OAuth provider in Authon. For every provider, you will obtain a Client ID and a Client Secret, then paste them into the Providers page of your Authon dashboard.
Redirect / Callback URL pattern:
https://api.authon.dev/v1/auth/oauth/redirect
Important: All OAuth providers share the same single redirect URI. Do not use per-provider callback URLs.
Google OAuth 2.0 is configured via Google Cloud Console.
1
Go to console.cloud.google.com and select or create a project.
2
In the left menu, navigate to APIs & Services → OAuth consent screen. Choose External and fill in the required fields (App name, support email, developer contact).
3
Navigate to APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID. Select Web application.
4
Authorized redirect URIs, add the Authon callback URL:
https://api.authon.dev/v1/auth/oauth/redirect
5
Create. Copy the Client ID and Client Secret from the popup dialog.
Field mapping:
Client ID←OAuth 2.0 Client ID
Client Secret←OAuth 2.0 Client Secret
Requested scopes:
openidemailprofile
GitHub
Configure at github.com/settings/developers.
1
Settings → Developer settings → OAuth Apps → New OAuth App.
2
Application name and Homepage URL (e.g.
https://yourapp.com).3
Authorization callback URL to:
https://api.authon.dev/v1/auth/oauth/redirect
4
Register application. Then click Generate a new client secret and copy both values.
Field mapping:
Client ID←Client ID
Client Secret←Client Secret
Requested scopes:
read:useruser:email
Apple
Apple Sign In requires a Services ID and a private key for generating a client secret JWT. Configure at developer.apple.com.
Note: Apple uses two types of identifiers: App IDs (for native iOS/macOS apps) and Services IDs (for web login). To use Sign In with Apple on the web, you must create a Services ID.
1
In the Apple Developer Portal, go to Certificates, Identifiers & Profiles → Identifiers. Create or select your App ID and enable Sign In with Apple. (The App ID is used for native app login and serves as the basis for web login.)
2
On the same Identifiers page, click + to register a new identifier. Choose Services IDs and click Continue.
3
Enter a description (e.g.
My App Web Login) and a unique identifier (e.g. com.yourapp.web). This identifier is the Client ID you will enter in Authon. Click Continue → Register to create it.4
Click the newly created Services ID to edit it. Check Sign In with Apple and click Configure. Primary App ID to the App ID from Step 1. Under Domains and Subdomains add your domain. Under Return URLs add:
https://api.authon.dev/v1/auth/oauth/redirect
5
In the Apple Developer Portal sidebar, go to Keys and click + or Register a New Key.
6
Enter a key name (e.g.
Authon Sign In) and check Sign In with Apple. Click Configure next to it and select the Primary App ID you created in Step 1, then Save.7
Continue → Register to create the key. Download the
.p8 file. This file can only be downloaded once, so store it securely. Note the Key ID (10 characters) shown on screen.Note: Your Team ID is the 10-character code shown under your account name in the top-right of Apple Developer Portal, or on the Membership page.
8
Apple uses a short-lived JWT (6-month max) as the Client Secret. Fill in your Team ID, Key ID, Services ID, and .p8 file path in the script below. The resulting JWT is your Client Secret.
Or use this tool to generate the JWT directly in your browser — nothing is sent to any server:
Apple Client Secret Generatorruns in your browser — nothing is sent to any server
Note: Apple client secrets expire after a maximum of 6 months. You will need to regenerate and update the secret in your Authon dashboard before it expires.
9
To receive server-to-server notifications (consent revoked, account deleted), set the Notification Endpoint URL in your Services ID settings to:
https://api.authon.dev/v1/webhooks/oauth/apple
Field mapping:
Client ID←Services ID Bundle ID (e.g. com.yourapp.web)
Client Secret←Generated JWT string (from the script above)
Configure via Meta Developers.
1
Go to developers.facebook.com → My Apps → Create App.Choose Consumer or Business as the app type.
2
After creating the app, find Facebook Login in the product list and click Set Up.
3
Go to Facebook Login → Settings. Under Valid OAuth Redirect URIs, add:
https://api.authon.dev/v1/auth/oauth/redirect
4
Go to App Settings → Basic. Copy the App ID and App Secret.
5
To allow users other than yourself to sign in, switch the app from Development to Live mode using the toggle at the top.
6
In Facebook Login → Settings, set the Deauthorize Callback URL and Data Deletion Request URL to:
https://api.authon.dev/v1/webhooks/oauth/facebook
Field mapping:
Client ID←App ID
Client Secret←App Secret
Requested scopes:
public_profileemail
Instagram OAuth uses the Instagram Basic Display API (or the newer Instagram Graph API), which is also managed through Meta Developers.
1
Go to developers.facebook.com → My Apps → Create App.Select Consumer.
2
In the app dashboard, find Instagram Basic Display and click Set Up. Then go to Instagram Basic Display → Basic Display.
3
Under Valid OAuth Redirect URIs, add:
https://api.authon.dev/v1/auth/oauth/redirect
4
Roles → Instagram Test Users to test during development.
5
Instagram Basic Display → Basic Display, copy the Instagram App ID and Instagram App Secret.
Field mapping:
Client ID←Instagram App ID
Client Secret←Instagram App Secret
Requested scopes:
user_profileuser_media
Microsoft
Configure via Azure Portal.
1
Go to portal.azure.com → Azure Active Directory (or Microsoft Entra ID) → App registrations → New registration.
2
Enter a name, select Accounts in any organizational directory and personal Microsoft accounts for the broadest compatibility.
3
Redirect URI, choose Web and enter:
https://api.authon.dev/v1/auth/oauth/redirect
4
Register. Copy the Application (client) ID from the overview page.
5
Go to Certificates & secrets → Client secrets → New client secret. Copy the Value immediately (it is only shown once).
Field mapping:
Client ID←Application (client) ID
Client Secret←Client secret Value
Requested scopes:
openidemailprofileUser.Read
Discord
Configure via discord.com/developers.
1
Go to the Developer Portal → New Application. Give it a name and confirm.
2
In the left sidebar, go to OAuth2. Under Redirects, click Add Redirect and enter:
https://api.authon.dev/v1/auth/oauth/redirect
3
Stay on the OAuth2 page. Copy the Client ID. Click Reset Secret and copy the new Client Secret.
Field mapping:
Client ID←Client ID
Client Secret←Client Secret
Requested scopes:
identifyemail
X (Twitter)
Authon uses OAuth 2.0 with PKCE. Configure via developer.twitter.com.
1
Go to the Developer Portal → Projects & Apps → select or create a project → Add App.
2
App Settings → Authentication settings, enable OAuth 2.0. Set App type to Web App.
3
Set the Callback URI to:
https://api.authon.dev/v1/auth/oauth/redirect
4
Copy the Client ID and Client Secret from the Keys and tokens tab.
Note: Twitter / X OAuth 2.0 requires a Developer Account with Elevated access for the
email scope. Without it, only users.read and tweet.read are available.Field mapping:
Client ID←OAuth 2.0 Client ID
Client Secret←OAuth 2.0 Client Secret
Requested scopes:
users.readtweet.readoffline.access
Configure via linkedin.com/developers.
1
Go to linkedin.com/developers/apps → Create App. Fill in the app name, LinkedIn Page, and logo.
2
Go to the Auth tab. Under Authorized redirect URLs for your app, add:
https://api.authon.dev/v1/auth/oauth/redirect
3
Copy the Client ID and Client Secret from the same Auth tab.
4
Go to the Products tab and request access to Sign In with LinkedIn using OpenID Connect.
Field mapping:
Client ID←Client ID
Client Secret←Client Secret
Requested scopes:
openidprofileemail
Slack
Configure via api.slack.com/apps.
1
Go to api.slack.com/apps → Create New App → From scratch. Choose a workspace for development.
2
In the left sidebar, go to OAuth & Permissions. Under Redirect URLs, click Add New Redirect URL and enter:
https://api.authon.dev/v1/auth/oauth/redirect
3
Scopes → User Token Scopes, add the required scopes.
4
Go to Basic Information. Copy the Client ID and Client Secret under App Credentials.
Field mapping:
Client ID←Client ID
Client Secret←Client Secret
Requested scopes:
openidemailprofile
Twitch
Configure via dev.twitch.tv/console.
1
Go to dev.twitch.tv/console → Applications → Register Your Application.
2
Set the OAuth Redirect URL to:
https://api.authon.dev/v1/auth/oauth/redirect
3
Category to Website Integration. Click Create.
4
Click Manage on your app. Copy the Client ID. Click New Secret and copy the Client Secret.
Field mapping:
Client ID←Client ID
Client Secret←Client Secret
Requested scopes:
openiduser:read:email
LINE
Configure via developers.line.biz.
1
Go to developers.line.biz → Providers → select or create a provider → Create a new channel → choose LINE Login.
2
Fill in the channel name, description, and app type (Web app).
3
Go to the LINE Login tab. Under Callback URL, add:
https://api.authon.dev/v1/auth/oauth/redirect
4
Go to the Basic settings tab. Copy the Channel ID and Channel secret.
5
In the Messaging API tab, set the Webhook URL to the following and enable Use webhook:
https://api.authon.dev/v1/webhooks/oauth/line
Field mapping:
Client ID←Channel ID
Client Secret←Channel secret
Requested scopes:
profileopenidemail
Kakao
Configure via Kakao login prerequisite guide.
1
Go to developers.kakao.com → My Application → Add Application
2
In the app dashboard, go to Kakao Login → General → Activate.
3
Go to App → General → Platform Keys. Copy the REST API Key (this is your Client ID). Then go to Kakao Login → General and add the callback URL under Redirect URI:
https://api.authon.dev/v1/auth/oauth/redirect
4
Open the issued REST API Key detail page and check the Secret Key (Client Secret).
5
Under Kakao Login → Consent items, activate Nickname, Profile picture, and Kakao account (email).
6
In My Application → App Settings → Advanced, set the Unlink Notification URL to:
https://api.authon.dev/v1/webhooks/oauth/kakao
Note: The Kakao Client Secret is optional but strongly recommended for production. Without it, the Client ID alone is used for token exchange, which is less secure.
Field mapping:
Client ID←REST API Key
Client Secret←Secret Key (REST API Key detail page)
Requested scopes:
profile_nicknameprofile_imageaccount_email
Naver
Configure via developers.naver.com.
1
Go to developers.naver.com/apps/#/register. Log in with your Naver account and click 애플리케이션 등록 (Register Application).
2
Enter the application name. Under 사용 API, select 네이버 로그인 (Naver Login) and choose the permission items: Name, Email, Profile image, Mobile.
3
서비스 URL, enter your app's homepage URL. Under Callback URL, add:
https://api.authon.dev/v1/auth/oauth/redirect
4
After registering, go to the app's 개요 (Overview) tab. Copy the Client ID and Client Secret.
5
In Naver Login → Service Settings, set the Disconnect Notification URL to:
https://api.authon.dev/v1/webhooks/oauth/naver
Field mapping:
Client ID←Client ID
Client Secret←Client Secret
Spotify
Configure via developer.spotify.com/dashboard.
1
Go to developer.spotify.com/dashboard → Create App. Fill in the app name, description, and website URL.
2
Under Redirect URIs, add:
https://api.authon.dev/v1/auth/oauth/redirect
3
Web API and Web Playback SDK if needed. Click Save.
4
In the app dashboard, click Settings. Copy the Client ID and click View client secret to copy the Client Secret.
Field mapping:
Client ID←Client ID
Client Secret←Client Secret
Requested scopes:
user-read-emailuser-read-private
TikTok
Configure via developers.tiktok.com.
1
Go to developers.tiktok.com/apps → Create App. Provide the app name and description.
2
Under the Login Kit product section, enable it and add the redirect URI:
https://api.authon.dev/v1/auth/oauth/redirect
3
Under Scopes, enable user.info.basic and user.info.email.
4
Copy the Client Key (used as Client ID) and Client Secret from the app detail page.
Note: TikTok uses the term "Client Key" instead of "Client ID". Paste the Client Key into the Client ID field in Authon.
Field mapping:
Client ID←Client Key
Client Secret←Client Secret
Requested scopes:
user.info.basicuser.info.email
GitLab
GitLab supports OAuth 2.0 and can be configured at either gitlab.com or a self-hosted GitLab instance.
1
On GitLab, go to your avatar → Edit profile → Applications (in the left sidebar).
2
Name. Under Redirect URI, add:
https://api.authon.dev/v1/auth/oauth/redirect
3
Under Scopes, check read_user and email.
4
Save application. Copy the Application ID and the Secret.
Field mapping:
Client ID←Application ID
Client Secret←Secret
Requested scopes:
read_useremailopenidprofile
Bitbucket
Configure via Bitbucket Workspace settings at bitbucket.org.
1
Go to Workspace Settings (click your avatar → select a workspace → Settings) → OAuth consumers → Add consumer.
2
Name and Callback URL:
https://api.authon.dev/v1/auth/oauth/redirect
3
Under Permissions, check Account → Read and Email → Read.
4
Save. Expand the consumer to view the Key (Client ID) and Secret (Client Secret).
Field mapping:
Client ID←Key
Client Secret←Secret
Notion
Configure via notion.so/my-integrations.
1
Go to notion.so/my-integrations → New integration.
2
Integration name, select a workspace, and choose Public integration type.
3
OAuth Domain & URIs section, add the redirect URI:
https://api.authon.dev/v1/auth/oauth/redirect
4
After creating the integration, go to its settings page and click Show next to the Client Secret to reveal it. Copy the OAuth client ID and OAuth client secret.
Note: Notion OAuth only grants access to pages and databases the user explicitly selects during the authorization flow. The
user.email capability must be enabled in the integration settings to retrieve the user's email address.Field mapping:
Client ID←OAuth client ID
Client Secret←OAuth client secret