Social Sign-on Integration

Apple

Prerequisite

To configure "Sign in with Apple" for Authgear, you will need to fulfil the following:

  1. Register an Apple Developer Account. An Apple Enterprise Account does not support "Sign in with Apple".

  2. Register your own domain.

  3. Your domain must be able to send and receive emails.

  4. Set up Sender Policy Framework (SPF) for your domain.

  5. Set up DomainKeys Identified Mail (DKIM) for your domain.

  6. Create an "App ID" by adding a new "Identifier" here, choose app IDs, and enable "Sign in with Apple".

  7. Create a "Services ID" by adding a new "Identifier" here, choose service IDs, enable "Sign in with Apple".

  8. Click "Configure" next to "Sign in with Apple". In the "Primary App ID" field, select the app ID created above.

  9. Fill in and verify the domain created above, then add https://{your domain}/sso/oauth2/callback/{alias} to "Return URLs" (alias can be configured in Authgear portal).

  10. Create a "Key" following this guide with "Sign in with Apple" enabled. Click "Configure" next to "Sign in with Apple" and select the app ID created above as "Primary App ID". Keep the private key safe; you will need to provide it later.

Configure "Sign in with Apple" through the portal

In the portal, go to "Single-Sign On" page, then do the following:

  1. Enable "Sign in with Apple"

  2. Fill in "Alias" with alias used in redirect URI

  3. Fill in the "Client ID" field with the "Services ID" created above

  4. In Apple Developer Portal, view key information of the "Key" created above

  5. Jot down the "Key ID" and download the key text file (.p8 file)

  6. Copy the content in the key file to "Client Secret" text area in Authgear portal

  7. Fill in "Key ID" field using "Key ID" from step 4

  8. In Apple Developer Portal, click username on the top right corner, click "View Membership"

  9. Find the "Team ID" from "Membership Information", fill in "Team ID" field in Authgear portal

  10. Scroll to the bottom, and click save

Google

Prerequisite

To configure Google OAuth client for Authgear, you will need to create an OAuth client on Google Cloud Platform.

  1. Create a project on Google Cloud Platform through console

  2. Select APIs & services -> Credentials

  3. Click "Create Credentials" and choose OAuth client ID and follow the instructions

  4. Add https://{your domain}/sso/oauth2/callback/{alias} to "redirect URIs" (alias can be configured in Authgear portal)

  5. After creating a client ID, you will find the client ID in "OAuth 2.0 Client IDs" section in "Credentials" page.

You can find more details in the official Google Cloud Platform documentation.

Configure Sign in with Google through the portal

After creating an OAuth client, click the name of the OAuth client to view its details.

You will need the following fields:

  1. "Client ID"

  2. "Client secret"

In the portal, go to "Single-Sign On" page, then do the following:

  1. Enable "Sign in with Google"

  2. Fill in "Alias" with alias used in redirect URI

  3. Fill in the client ID field and client secret field

  4. Scroll to the bottom and click save

Facebook

Prerequisite

To configure "Login with Facebook" for Authgear, you will need the following:

  1. Go to app dashboard, click plus button next to "Product" in the sidebar, add "Facebook Login".

  2. Then go to "Settings" of "Facebook Login", add https://{your domain}/sso/oauth2/callback/{alias} to "Valid OAuth Redirect URIs" (alias can be configured in Authgear portal)

Configure Login with Facebook through the portal

In Authgear portal, go to "Single-Sign On" page, then do the following:

  1. Enable "Login with Facebook"

  2. In the app dashboard of your app in the Facebook developer portal, click "Settings" in the sidebar and click "Basic"

  3. In Authgear portal, fill in "Alias" with alias used in redirect URI

  4. Fill in "Client ID" with "App ID"

  5. Fill in "Client Secret" with "App Secret"

  6. Scroll to the bottom and click save

LinkedIn

Prerequisite

  1. Create an app here

  2. In the "Products" section, choose "Sign In with LinkedIn"

  3. In the details page of the created app, click "Auth" tab

  4. Take note of "Client ID" and "Client Secret", then add {Authgear domain}/sso/oauth2/callback/{alias} to "Redirect URLs" in the "OAuth 2.0 settings" section (alias can be configured in Authgear portal)

Configure Sign in with LinkedIn through the portal

In Authgear portal, go to "Single-Sign On" page, then do the following:

  1. Enable "Sign in with LinkedIn"

  2. Fill in "Alias" with alias used in redirect URI

  3. Fill in "Client ID" and "Client Secret"

  4. Scroll down and click save

Azure Active Directory

Prerequisite

  1. Create an Azure Active Directory (Azure AD) account here

  2. Set up a tenant by completing Quickstart: Set up a tenant

  3. Choose "Supported account type". The following options are supported:

    • Accounts in this organizational directory only (Contoso AD (dev) only - Single tenant)

    • Accounts in this organizational directory (Any Azure AD directory - Multitenant)

    • Accounts in this organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

    "Personal Microsoft accounts only" is not supported yet. Remember the account type chosen, as this affects the configuration on Authgear portal.

  4. Configure "Redirect URI" with {Authgear domain}/sso/oauth2/callback/{alias} (alias can be configured in Authgear portal)

  5. Follow this section to add a client secret. Remember to record the secret value when you add the client secret, as it will not be displayed again. It will be needed to configure the OAuth client in Authgear.

Configure Sign in with Microsoft through the portal

In the Azure portal, go to the details page of your app, where you can find:

  1. Application (client) ID

  2. Directory (tenant) ID

Then in Authgear portal, go to "Single-Sign On" page, and do the following:

  1. Enable "Sign in with Microsoft"

  2. Fill in "Alias" with alias used in redirect URI

  3. Fill in "Client ID" with "Application (client) ID" above

  4. Fill in "Client secret" with the secret you get after creating a client secret for your app.

  5. For "Tenant" field:

    • If single tenant (first option) is chosen, input the "Directory (tenant) ID"

    • If multi tenant (second option) is chosen, input the string "organizations"

    • If multi tenant and personal account (third option) is chosen, input the string "common"

  6. Scroll down and click save

Notes

  • "alias" is used as the identifier of OAuth provider

  • Redirect URI has the form "/sso/oauth2/callback/:alias"