EasyStarter logoEasyStarter
Authentication

Social Login

Configure GitHub OAuth and Google OAuth social login

Social Login

EasyStarter ships with the following social login providers:

  • GitHub OAuth sign-in
  • Google OAuth sign-in

The server-side configuration lives in apps/server/src/lib/auth.ts. In that file:

  • GitHub callback URL: {SERVER_URL}/api/auth/callback/github
  • Google callback URL: {SERVER_URL}/api/auth/callback/google

Required Environment Variables

GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

Create a GitHub OAuth App

GitHub OAuth is used for GitHub sign-in on web and native clients.

GitHub developer console: GitHub Developer Settings

  1. Sign in to GitHub and open Settings
  2. Go to Developer settings
  3. Open OAuth Apps
  4. Click New OAuth App
  5. Fill in the application details

These fields should typically be set like this:

  • Application name: your product name
  • Homepage URL: your website URL, for example https://yourdomain.com
  • Authorization callback URL: {SERVER_URL}/api/auth/callback/github

For example, if your server URL is:

SERVER_URL=https://server.yourdomain.com

Then the callback URL should be:

https://server.yourdomain.com/api/auth/callback/github

In local development, easystarter uses http://localhost:3001 for the server by default, so this is usually:

http://localhost:3001/api/auth/callback/github

After creation, GitHub gives you:

  • Client ID -> maps to GITHUB_CLIENT_ID
  • Client Secret -> maps to GITHUB_CLIENT_SECRET

Create a Google OAuth Client

Google OAuth is used for Google sign-in on web and native clients.

Google Cloud Console: Google Cloud Console

  1. Sign in to Google Cloud Console
  2. Select or create a project
  3. Go to APIs & Services > Credentials
  4. Click Create Credentials
  5. Choose OAuth client ID
  6. If prompted, complete the OAuth consent screen first
  7. Set the application type to Web application
  8. Configure the allowed origins and callback URL

These fields should typically be set like this:

  • Authorized JavaScript origins: your website URL, for example https://yourdomain.com
  • Authorized redirect URIs: https://yourdomain.com/api/auth/callback/google

For example, if your server URL is:

SERVER_URL=https://server.yourdomain.com

Then these should be:

  • Authorized JavaScript origins: https://server.yourdomain.com
  • Authorized redirect URIs: https://server.yourdomain.com/api/auth/callback/google

In local development, easystarter uses http://localhost:3001 for the server by default, so this is usually:

  • Authorized JavaScript origins: http://localhost:3001
  • Authorized redirect URIs: http://localhost:3001/api/auth/callback/google

After creation, Google gives you:

  • Client ID -> maps to GOOGLE_CLIENT_ID
  • Client Secret -> maps to GOOGLE_CLIENT_SECRET

Set the environment variables

For local development, it is simplest to put everything into apps/server/.dev.vars:

apps/server/.dev.vars
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret

For production, keep the sensitive values in apps/server/.env.production:

apps/server/.env.production
GITHUB_CLIENT_SECRET=your-github-client-secret
GOOGLE_CLIENT_SECRET=your-google-client-secret

Then add the non-sensitive GITHUB_CLIENT_ID and GOOGLE_CLIENT_ID to the vars section in apps/server/wrangler.jsonc:

apps/server/wrangler.jsonc
"vars": {
  "GITHUB_CLIENT_ID": "your-github-client-id",
  "GOOGLE_CLIENT_ID": "your-google-client-id"
}

Adding More Providers

If you later want to add more providers such as Apple, Discord, or GitLab, extend the socialProviders configuration in apps/server/src/lib/auth.ts.