Social Login (OAuth)
Social login (OAuth) allows users to sign in to your application using their existing accounts from popular platforms like Google, Facebook, or GitHub. Instead of creating a new account, users can simply click a button to authenticate using their social login credentials. This provides a seamless login experience while maintaining security through OAuth protocols.
With Descope, you can get started with social login immediately using our pre-configured OAuth accounts, or you can set up your own authentication accounts with custom branding and settings. This flexibility allows you to start testing quickly and then transition to production with your own configuration when ready.
What is an Authentication Account?
An authentication account is your application's registration with an OAuth provider. When you create an authentication account, you provide details such as your application name, website, and branding.
However, you don't need to create authentication accounts to get started! Descope comes preconfigured with authentication accounts for all major OAuth providers. This means you can begin implementing social login immediately while Descope handles all the OAuth registration details behind the scenes.
When you're ready to customize the experience, you can create your own authentication accounts for each provider and update the configuration in the Descope console with your application details.
Social Login (OAuth) Providers
The following list covers the supported OOTB providers for Social Login authentication (OAuth)
Provider | API <provider> parameter |
---|---|
google | |
GitHub | github |
Microsoft | microsoft |
Apple | apple |
facebook | |
GitLab | gitlab |
Discord | discord |
linkedin | |
Slack | slack |
Social Login (OAuth) with Flows
This guide will walk you through integrating OAuth-based social login into your Descope Flows.
Flow Actions
When using OAuth Login, you have the standard actions for most authentication methods available.
- Sign Up / OAuth - Signs the user up, but will not work if user already exists
- Sign Up or In / OAuth - Signs the user in, and if user doesn't exist it will automatically sign them up
- Sign In / OAuth - Signs the user in, but if the user doesn't exist it will fail.
- Update User / OAuth - Will merge OAuth identity to an existing user
How to Use OAuth Actions
To learn more about Actions in general, you can refer to our guide on them.
Most of these actions are pretty simple, and you can drop them in your application like any other Action.
This is an example of using the Sign Up or In action in a flow:
Merge without a Common Identifier
When you select Merge without a common identifier in the Update User / OAuth flow action, it will allow you to merge the latest OAuth user identity with another user, even if that user doesn't possess the same email/phone number.
Prompt
All OAuth actions can include a Prompt parameter, that can alter the behavior of the OIDC provider when redirecting to it. The different values can be:
- Login - The login prompt forces the user to re-authenticate, regardless of whether they are already logged in or have an active session with the OAuth provider.
- Consent - The consent prompt forces the OAuth provider to re-display the consent screen, asking the user to agree to the requested permissions (scopes) again, even if they have already granted consent.
- Select Account - The select_account prompt forces the user to select which account they want to use if they have multiple accounts logged in with the OAuth provider.
- None - The none prompt forces the authentication to complete without showing any UI to the user.
Use a Default Provider
You can specify a specific Default
or Custom
provider to redirect to with any of the Descope OAuth flow actions. This can ensure that specific buttons in screens redirect to specific OAuth providers.
This is not needed if using the pre-generated OAuth provider buttons in the Screen editor, as these are automatically mapped to their corresponding provider internally to be used with actions.
Flow Screens
When using OAuth, you can use the either the Default Provider buttons or normal buttons and connect them to the various OAuth actions mentioned above.
Error Handling
Error handling is handled like any other action. You can refer to our Flow Error Handling guide for more details.