Social Login (OAuth)

Social login (OAuth) allows users to sign in using their existing accounts from popular platforms such as Google, Facebook, or GitHub. Instead of creating new credentials, users simply click a provider button and authenticate through OAuth.

What is an OAuth Provider and Application?

An OAuth provider is a service that allows you to authenticate users using their existing accounts from popular platforms such as Google, Facebook, or GitHub.

An OAuth application is your app's registration directly with an OAuth provider like Google or Facebook. It includes details such as your app name, website URL, and branding assets.

Descope comes with built-in OAuth applications for all major providers. This means you can begin testing social login right away while Descope manages the OAuth login process in the background. When you're ready to customize or move to production, simply create your own OAuth applications with each provider and update their configurations in the Descope Console.

For guides on how to set up your own OAuth applications with Descope, see the Configuring OAuth Providers guide.

Social Login (OAuth) with Flows

This guide will walk you through integrating OAuth-based social login into your Descope Flows.

Flow Actions

When using OAuth Login, you have the standard actions for most authentication methods available.

• Sign Up / OAuth - Signs the user up, but will not work if user already exists
• Sign Up or In / OAuth - Signs the user in, and if user doesn't exist it will automatically sign them up
• Sign In / OAuth - Signs the user in, but if the user doesn't exist it will fail.
• Update User / OAuth - Will merge OAuth identity to an existing user

This is an example of using the Sign Up or In action in a flow:

How to Use OAuth Actions

There are 7 modifiable parameters for the OAuth actions:

Step name

The name of the flow action to use.

Redirect URL

URL to redirect to after successful authentication with the OAuth provider.

Prompt

All OAuth actions can include a Prompt parameter, that can alter the behavior of the OAuth provider when redirecting to it.

The different prompt values can be:

• Login - The login prompt forces the user to re-authenticate, regardless of whether they are already logged in or have an active session with the OAuth provider.
• Consent - The consent prompt forces the OAuth provider to re-display the consent screen, asking the user to agree to the requested permissions (scopes) again, even if they have already granted consent.
• Select Account - The select_account prompt forces the user to select which account they want to use if they have multiple accounts logged in with the OAuth provider.
• None - The none prompt forces the authentication to complete without showing any UI to the user.

Use a default provider

Override to specify a specific OAuth provider to authenticate with. This is useful if you want to use generic buttons to login to a specific OAuth provider, like Google or Facebook.

Open in Popup

OAuth login will open in a popup.

Login Hint

login_hint parameter to pass to the OAuth provider. This can be used to pre-fill the username/email field on the OAuth provider's login page.

Force Non-Native OAuth

Force web-based OAuth login instead of native OAuth login on mobile.

Flow Screens

When using OAuth, you can use either the Default Provider buttons or normal buttons and connect them to the various OAuth actions mentioned above.

Error Handling

Error handling is handled like any other action. You can refer to our Flow Error Handling guide for more details.