Social Login
Configure GitHub OAuth and Google OAuth social login
Social Login
EasyStarter ships with the following social login providers:
- GitHub OAuth sign-in
- Google OAuth sign-in
The server-side configuration lives in apps/server/src/lib/auth.ts. In that file:
- GitHub callback URL:
{SERVER_URL}/api/auth/callback/github - Google callback URL:
{SERVER_URL}/api/auth/callback/google
Required Environment Variables
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=Create a GitHub OAuth App
GitHub OAuth is used for GitHub sign-in on web and native clients.
GitHub developer console: GitHub Developer Settings
- Sign in to GitHub and open
Settings - Go to
Developer settings - Open
OAuth Apps - Click
New OAuth App - Fill in the application details
These fields should typically be set like this:
Application name: your product nameHomepage URL: your website URL, for examplehttps://yourdomain.comAuthorization callback URL:{SERVER_URL}/api/auth/callback/github
For example, if your server URL is:
SERVER_URL=https://server.yourdomain.comThen the callback URL should be:
https://server.yourdomain.com/api/auth/callback/githubIn local development, easystarter uses http://localhost:3001 for the server by default, so this is usually:
http://localhost:3001/api/auth/callback/githubAfter creation, GitHub gives you:
Client ID-> maps toGITHUB_CLIENT_IDClient Secret-> maps toGITHUB_CLIENT_SECRET
Create a Google OAuth Client
Google OAuth is used for Google sign-in on web and native clients.
Google Cloud Console: Google Cloud Console
- Sign in to Google Cloud Console
- Select or create a project
- Go to
APIs & Services > Credentials - Click
Create Credentials - Choose
OAuth client ID - If prompted, complete the
OAuth consent screenfirst - Set the application type to
Web application - Configure the allowed origins and callback URL
These fields should typically be set like this:
Authorized JavaScript origins: your website URL, for examplehttps://yourdomain.comAuthorized redirect URIs:https://yourdomain.com/api/auth/callback/google
For example, if your server URL is:
SERVER_URL=https://server.yourdomain.comThen these should be:
Authorized JavaScript origins:https://server.yourdomain.comAuthorized redirect URIs:https://server.yourdomain.com/api/auth/callback/google
In local development, easystarter uses http://localhost:3001 for the server by default, so this is usually:
Authorized JavaScript origins:http://localhost:3001Authorized redirect URIs:http://localhost:3001/api/auth/callback/google
After creation, Google gives you:
Client ID-> maps toGOOGLE_CLIENT_IDClient Secret-> maps toGOOGLE_CLIENT_SECRET
Set the environment variables
For local development, it is simplest to put everything into apps/server/.dev.vars:
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secretFor production, keep the sensitive values in apps/server/.env.production:
GITHUB_CLIENT_SECRET=your-github-client-secret
GOOGLE_CLIENT_SECRET=your-google-client-secretThen add the non-sensitive GITHUB_CLIENT_ID and GOOGLE_CLIENT_ID to the vars section in apps/server/wrangler.jsonc:
"vars": {
"GITHUB_CLIENT_ID": "your-github-client-id",
"GOOGLE_CLIENT_ID": "your-google-client-id"
}Adding More Providers
If you later want to add more providers such as Apple, Discord, or GitLab, extend the socialProviders configuration in apps/server/src/lib/auth.ts.