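Login Method Configuration Guide

Step-by-step instructions for configuring each OAuth login method in Authon. For each login method, you need to obtain a Client ID and Client Secret, then paste them into the login methods page of the Authon console.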

Redirect / callback URL format:

https://api.authon.dev/v1/auth/oauth/redirect
Important: All OAuth providers share the same single redirect URI. Do not use per-provider callback URLs.

Google

Google OAuth 2.0 is configured via Google Cloud Console.

1. Go to console.cloud.google.com and select or create a project.
2. In the left menu, navigate to APIs & Services → OAuth consent screen. Choose External and fill in the required fields (App name, support email, developer contact).
3. Navigate to APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID. Select Web application.
4. Under Authorized redirect URIs, add the Authon callback URL:
   https://api.authon.dev/v1/auth/oauth/redirect
5. Click Create. Copy the Client ID and Client Secret from the popup dialog.

Field mapping:

Client ID: OAuth 2.0 Client ID
Client Secret: OAuth 2.0 Client Secret

Requested scopes:

openid, email, profile

GitHub

Configure at github.com/settings/developers.

1. Go to Settings → Developer settings → OAuth Apps → New OAuth App.
2. Fill in Application name and Homepage URL (e.g. https://yourapp.com).
3. Set Authorization callback URL to:
   https://api.authon.dev/v1/auth/oauth/redirect
4. Click Register application. Then click Generate a new client secret and copy both values.

Field mapping:

Client ID: Client ID
Client Secret: Client Secret

Requested scopes:

read:user, user:email

Apple

Apple Sign In requires a Services ID and a private key for generating a client secret JWT. Configure at developer.apple.com.

Note: Apple uses two types of identifiers: App IDs (for native iOS/macOS apps) and Services IDs (for web login). To use Sign In with Apple on the web, you must create a Services ID.
1. In the Apple Developer Portal, go to Certificates, Identifiers & Profiles → Identifiers. Create or select your App ID and enable Sign In with Apple. (The App ID is used for native app login and serves as the basis for web login.)
2. On the same Identifiers page, click + to register a new identifier. Choose Services IDs and click Continue.
3. Enter a description (e.g. My App Web Login) and a unique identifier (e.g. com.yourapp.web). This identifier is the Client ID you will enter in Authon. Click Continue → Register to create it.
4. Click the newly created Services ID to edit it. Check Sign In with Apple and click Configure. Set Primary App ID to the App ID from Step 1. Under Domains and Subdomains add your domain. Under Return URLs add:
   https://api.authon.dev/v1/auth/oauth/redirect
5. In the Apple Developer Portal sidebar, go to Keys and click + or Register a New Key.
6. Enter a key name (e.g. Authon Sign In) and check Sign In with Apple. Click Configure next to it and select the Primary App ID you created in Step 1, then Save.
7. Click Continue → Register to create the key. Download the .p8 file. This file can only be downloaded once, so store it securely. Note the Key ID (10 characters) shown on screen.
Note: Your Team ID is the 10-character code shown under your account name in the top-right of Apple Developer Portal, or on the Membership page.
8. Apple uses a short-lived JWT (6-month max) as the Client Secret. Fill in your Team ID, Key ID, Services ID, and .p8 file path in the script below. The resulting JWT is your Client Secret.
generate_apple_secret.py
import jwt, time

TEAM_ID     = "YOUR_TEAM_ID"        # 10-char Team ID from Apple Developer
KEY_ID      = "YOUR_KEY_ID"         # Key ID from the downloaded key
CLIENT_ID   = "com.yourapp.web"     # Your Services ID Bundle ID
KEY_FILE    = "AuthKey_XXXXXX.p8"   # Path to the .p8 private key

with open(KEY_FILE, "r") as f:
    private_key = f.read()

payload = {
    "iss": TEAM_ID,
    "iat": int(time.time()),
    "exp": int(time.time()) + 86400 * 180,  # 180 days
    "aud": "https://appleid.apple.com",
    "sub": CLIENT_ID,
}

client_secret = jwt.encode(payload, private_key, algorithm="ES256", headers={"kid": KEY_ID})
print(client_secret)

Or use the Apple Client Secret Generator to generate the JWT directly in your browser; nothing is sent to any server.

Note: Apple client secrets expire after a maximum of 6 months. You will need to regenerate and update the secret in your Authon dashboard before it expires.
9. To receive server-to-server notifications (consent revoked, account deleted), set the Notification Endpoint URL in your Services ID settings to:
   https://api.authon.dev/v1/webhooks/oauth/apple

Field mapping:

Client ID: Services ID Bundle ID (e.g. com.yourapp.web)
Client Secret: Generated JWT string (from the script above)
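
Because the Apple client secret from step 8 expires after at most 6 months, it helps to check a generated secret before pasting it and again on a schedule. The following is an added example, not Authon's or Apple's code: it decodes the JWT with the standard library only (the signature is not verified) and reports claim mistakes and days until expiry. The function name, the 14-day warning window and the sample token are assumptions constructed for illustration.

```python
import base64, json, time

APPLE_AUD = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # Apple's documented ceiling: six months, in seconds

def _b64url_json(segment):
    # JWT segments are unpadded base64url; restore padding before decoding
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_apple_client_secret(token, services_id, now=None, warn_days=14):
    """Return (problems, days_left) for an Apple client-secret JWT.
    Decodes only; the signature is NOT verified (that needs the public key)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"], 0
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if len(header.get("kid", "")) != 10:
        problems.append("kid (Key ID) should be 10 characters")
    if len(claims.get("iss", "")) != 10:
        problems.append("iss (Team ID) should be 10 characters")
    if claims.get("aud") != APPLE_AUD:
        problems.append("aud must be " + APPLE_AUD)
    if claims.get("sub") != services_id:
        problems.append("sub does not match the Services ID")
    iat, exp = claims.get("iat", 0), claims.get("exp", 0)
    if exp - iat > MAX_LIFETIME:
        problems.append("lifetime exceeds six months")
    days_left = (exp - now) // 86400
    if exp <= now:
        problems.append("expired")
    elif days_left < warn_days:
        problems.append("expires in %d days; regenerate" % days_left)
    return problems, days_left

def _make_sample(header, claims):
    # Constructed token with a dummy signature, for demonstration only
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".c2ln"

SAMPLE = _make_sample({"alg": "ES256", "kid": "ABCDE12345"},
    {"iss": "TEAMID1234", "iat": 1700000000, "exp": 1700000000 + 86400 * 180,
     "aud": APPLE_AUD, "sub": "com.yourapp.web"})
```

Run it against the output of generate_apple_secret.py with your own Services ID; an empty problem list means the claims match what the steps above describe.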

Facebook

Configure via Meta Developers.

1. Go to developers.facebook.com → My Apps → Create App. Choose Consumer or Business as the app type.
2. After creating the app, find Facebook Login in the product list and click Set Up.
3. Go to Facebook Login → Settings. Under Valid OAuth Redirect URIs, add:
   https://api.authon.dev/v1/auth/oauth/redirect
4. Go to App Settings → Basic. Copy the App ID and App Secret.
5. To allow users other than yourself to sign in, switch the app from Development to Live mode using the toggle at the top.
6. In Facebook Login → Settings, set the Deauthorize Callback URL and Data Deletion Request URL to:
   https://api.authon.dev/v1/webhooks/oauth/facebook

Field mapping:

Client ID: App ID
Client Secret: App Secret

Requested scopes:

public_profile, email

Instagram

Instagram OAuth uses the Instagram Basic Display API (or the newer Instagram Graph API), which is also managed through Meta Developers.

1. Go to developers.facebook.com → My Apps → Create App. Select Consumer.
2. In the app dashboard, find Instagram Basic Display and click Set Up. Then go to Instagram Basic Display → Basic Display.
3. Under Valid OAuth Redirect URIs, add:
   https://api.authon.dev/v1/auth/oauth/redirect
4. Use Roles → Instagram Test Users to test during development.
5. Under Instagram Basic Display → Basic Display, copy the Instagram App ID and Instagram App Secret.

Field mapping:

Client ID: Instagram App ID
Client Secret: Instagram App Secret

Requested scopes:

user_profile, user_media

Microsoft

Configure via Azure Portal.

1. Go to portal.azure.com → Azure Active Directory (or Microsoft Entra ID) → App registrations → New registration.
2. Enter a name, select Accounts in any organizational directory and personal Microsoft accounts for the broadest compatibility.
3. Under Redirect URI, choose Web and enter:
   https://api.authon.dev/v1/auth/oauth/redirect
4. Click Register. Copy the Application (client) ID from the overview page.
5. Go to Certificates & secrets → Client secrets → New client secret. Copy the Value immediately (it is only shown once).

Field mapping:

Client ID: Application (client) ID
Client Secret: Client secret Value

Requested scopes:

openid, email, profile, User.Read

Discord

Configure via discord.com/developers.

1. Go to the Developer Portal → New Application. Give it a name and confirm.
2. In the left sidebar, go to OAuth2. Under Redirects, click Add Redirect and enter:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Stay on the OAuth2 page. Copy the Client ID. Click Reset Secret and copy the new Client Secret.

Field mapping:

Client ID: Client ID
Client Secret: Client Secret

Requested scopes:

identify, email

X (Twitter)

Authon uses OAuth 2.0 with PKCE. Configure via developer.twitter.com.

1. Go to the Developer Portal → Projects & Apps → select or create a project → Add App.
2. Under App Settings → Authentication settings, enable OAuth 2.0. Set App type to Web App.
3. Set the Callback URI to:
   https://api.authon.dev/v1/auth/oauth/redirect
4. Copy the Client ID and Client Secret from the Keys and tokens tab.
Note: Twitter / X OAuth 2.0 requires a Developer Account with Elevated access for the email scope. Without it, only users.read and tweet.read are available.

Field mapping:

Client ID: OAuth 2.0 Client ID
Client Secret: OAuth 2.0 Client Secret

Requested scopes:

users.read, tweet.read, offline.access

LinkedIn

Configure via linkedin.com/developers.

1. Go to linkedin.com/developers/apps → Create App. Fill in the app name, LinkedIn Page, and logo.
2. Go to the Auth tab. Under Authorized redirect URLs for your app, add:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Copy the Client ID and Client Secret from the same Auth tab.
4. Go to the Products tab and request access to Sign In with LinkedIn using OpenID Connect.

Field mapping:

Client ID: Client ID
Client Secret: Client Secret

Requested scopes:

openid, profile, email

Slack

Configure via api.slack.com/apps.

1. Go to api.slack.com/apps → Create New App → From scratch. Choose a workspace for development.
2. In the left sidebar, go to OAuth & Permissions. Under Redirect URLs, click Add New Redirect URL and enter:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Under Scopes → User Token Scopes, add the required scopes.
4. Go to Basic Information. Copy the Client ID and Client Secret under App Credentials.

Field mapping:

Client ID: Client ID
Client Secret: Client Secret

Requested scopes:

openid, email, profile

Twitch

Configure via dev.twitch.tv/console.

1. Go to dev.twitch.tv/console → Applications → Register Your Application.
2. Set the OAuth Redirect URL to:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Set Category to Website Integration. Click Create.
4. Click Manage on your app. Copy the Client ID. Click New Secret and copy the Client Secret.

Field mapping:

Client ID: Client ID
Client Secret: Client Secret

Requested scopes:

openid, user:read:email

LINE

Configure via developers.line.biz.

1. Go to developers.line.biz → Providers → select or create a provider → Create a new channel → choose LINE Login.
2. Fill in the channel name, description, and app type (Web app).
3. Go to the LINE Login tab. Under Callback URL, add:
   https://api.authon.dev/v1/auth/oauth/redirect
4. Go to the Basic settings tab. Copy the Channel ID and Channel secret.
5. In the Messaging API tab, set the Webhook URL to the following and enable Use webhook:
   https://api.authon.dev/v1/webhooks/oauth/line

Field mapping:

Client ID: Channel ID
Client Secret: Channel secret

Requested scopes:

profile, openid, email

Kakao

Configure via Kakao login prerequisite guide.

1. Go to developers.kakao.com → My Application → Add Application.
2. In the app dashboard, go to Kakao Login → General → Activate.
3. Go to App → General → Platform Keys. Copy the REST API Key (this is your Client ID). Then go to Kakao Login → General and add the callback URL under Redirect URI:
   https://api.authon.dev/v1/auth/oauth/redirect
4. Open the issued REST API Key detail page and check the Secret Key (Client Secret).
5. Under Kakao Login → Consent items, activate Nickname, Profile picture, and Kakao account (email).
6. In My Application → App Settings → Advanced, set the Unlink Notification URL to:
   https://api.authon.dev/v1/webhooks/oauth/kakao
Note: The Kakao Client Secret is optional but strongly recommended for production. Without it, the Client ID alone is used for token exchange, which is less secure.

Field mapping:

Client ID: REST API Key
Client Secret: Secret Key (REST API Key detail page)

Requested scopes:

profile_nickname, profile_image, account_email

Naver

Configure via developers.naver.com.

1. Go to developers.naver.com/apps/#/register. Log in with your Naver account and click 애플리케이션 등록 (Register Application).
2. Enter the application name. Under 사용 API, select 네이버 로그인 (Naver Login) and choose the permission items: Name, Email, Profile image, Mobile.
3. Under 서비스 URL (Service URL), enter your app's homepage URL. Under Callback URL, add:
   https://api.authon.dev/v1/auth/oauth/redirect
4. After registering, go to the app's 개요 (Overview) tab. Copy the Client ID and Client Secret.
5. In Naver Login → Service Settings, set the Disconnect Notification URL to:
   https://api.authon.dev/v1/webhooks/oauth/naver

Field mapping:

Client ID: Client ID
Client Secret: Client Secret

Spotify

Configure via developer.spotify.com/dashboard.

1. Go to developer.spotify.com/dashboard → Create App. Fill in the app name, description, and website URL.
2. Under Redirect URIs, add:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Select Web API and Web Playback SDK if needed. Click Save.
4. In the app dashboard, click Settings. Copy the Client ID and click View client secret to copy the Client Secret.

Field mapping:

Client ID: Client ID
Client Secret: Client Secret

Requested scopes:

user-read-email, user-read-private

TikTok

Configure via developers.tiktok.com.

1. Go to developers.tiktok.com/apps → Create App. Provide the app name and description.
2. Under the Login Kit product section, enable it and add the redirect URI:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Under Scopes, enable user.info.basic and user.info.email.
4. Copy the Client Key (used as Client ID) and Client Secret from the app detail page.
Note: TikTok uses the term "Client Key" instead of "Client ID". Paste the Client Key into the Client ID field in Authon.

Field mapping:

Client ID: Client Key
Client Secret: Client Secret

Requested scopes:

user.info.basic, user.info.email

GitLab

GitLab supports OAuth 2.0 and can be configured at either gitlab.com or a self-hosted GitLab instance.

1. On GitLab, go to your avatar → Edit profile → Applications (in the left sidebar).
2. Enter a Name. Under Redirect URI, add:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Under Scopes, check read_user and email.
4. Click Save application. Copy the Application ID and the Secret.

Field mapping:

Client ID: Application ID
Client Secret: Secret

Requested scopes:

read_user, email, openid, profile

Bitbucket

Configure via Bitbucket Workspace settings at bitbucket.org.

1. Go to Workspace Settings (click your avatar → select a workspace → Settings) → OAuth consumers → Add consumer.
2. Enter a Name and the Callback URL:
   https://api.authon.dev/v1/auth/oauth/redirect
3. Under Permissions, check Account → Read and Email → Read.
4. Click Save. Expand the consumer to view the Key (Client ID) and Secret (Client Secret).

Field mapping:

Client ID: Key
Client Secret: Secret

Notion

Configure via notion.so/my-integrations.

1. Go to notion.so/my-integrations → New integration.
2. Enter an Integration name, select a workspace, and choose the Public integration type.
3. In the OAuth Domain & URIs section, add the redirect URI:
   https://api.authon.dev/v1/auth/oauth/redirect
4. After creating the integration, go to its settings page and click Show next to the Client Secret to reveal it. Copy the OAuth client ID and OAuth client secret.
Note: Notion OAuth only grants access to pages and databases the user explicitly selects during the authorization flow. The user.email capability must be enabled in the integration settings to retrieve the user's email address.

Field mapping:

Client ID: OAuth client ID
Client Secret: OAuth client secret