OAuth (Social Login) with Flows

This guide will walk you through integrating OAuth-based social login into your Descope Flows. OAuth social login allows your users to authenticate using their existing accounts with popular social platforms like Google, Facebook, and GitHub.

Flow Actions

When using OAuth Login, you have the standard actions for most authentication methods available.

  • Sign Up / OAuth - Signs the user up, but will not work if user already exists
  • Sign Up or In / OAuth - Signs the user in, and if user doesn't exist it will automatically sign them up
  • Sign In / OAuth - Signs the user in, but if the user doesn't exist it will fail.
  • Update User / OAuth - Will merge OAuth identity to an existing user

How to Use OAuth Actions

To learn more about Actions in general, you can refer to our guide on them.

Most of these actions are pretty simple, and you can drop them in your application like any other Action.

This is an example of using the Sign Up or In action in a flow:

sign-up-or-in-flow-action

Merge without a Common Identifier

When you select Merge without a common identifier in the Update User / OAuth flow action, it will allow you to merge the latest OAuth user identity with another user, even if that user doesn't possess the same email/phone number.

Prompt

All OAuth actions can include a Prompt parameter, that can alter the behavior of the OIDC provider when redirecting to it. The different values can be:

  • Login - The login prompt forces the user to re-authenticate, regardless of whether they are already logged in or have an active session with the OAuth provider.
  • Consent - The consent prompt forces the OAuth provider to re-display the consent screen, asking the user to agree to the requested permissions (scopes) again, even if they have already granted consent.
  • Select Account - The select_account prompt forces the user to select which account they want to use if they have multiple accounts logged in with the OAuth provider.

Use a Default Provider

You can specify a specific Default or Custom provider to redirect to with any of the Descope OAuth flow actions. This can ensure that specific buttons in screens redirect to specific OAuth providers. This is not needed if using the pre-generated OAuth provider buttons in the Screen editor, as these are automatically mapped to their corresponding provider internally to be used with actions.

Flow Screens

When using OAuth, you can use the either the Default Provider buttons or normal buttons and connect them to the various OAuth actions mentioned above.

default-provider-buttons

Error Handling

Error handling is handled like any other action. You can refer to our Flow Error Handling guide for more details.

Was this helpful?

On this page