OAuth Overview

OAuth, otherwise known as Social Login or Social SSO, is an easy way for end users to sign up for and log in to your application through their authenticated identity on common OAuth providers, such as Google or Microsoft.

API Objects & Endpoints

| API Resource | Description |
| --- | --- |
| Organization | A top-level tenant that groups members, auth settings, roles, and other identity configurations. |
| Member | Represents an authenticated user who is a member of a specific Organization. |
| OAuth | A collection of OAuth endpoints for login and signup via social identity providers. |
| Member Session | A managed session that tracks a Member's logged-in state using JWTs or session tokens. |

How It Works

In Stytch’s B2B product there are two different versions of the OAuth authentication flow:

  1. Discovery Authentication: used for self-serve organization creation or login without Organization context
  2. Organization-specific Authentication: used when you already know the Organization that the end user is trying to log into

Both flows support OAuth, allow end users to accept pending invites or be Just-in-Time (JIT) provisioned by email domain, and finish with the end user authenticated in a specific Organization. However, Discovery involves one additional step to surface the end user's "discovered organizations" (the Organizations they are eligible to log in to) and also allows self-serve organization creation.

Summary of Key Differences

Each guide walks through both OAuth flows in detail for the integration method chosen. For a quick overview of the differences, see the table below:

| | Discovery | Organization-Specific |
| --- | --- | --- |
| OAuth Start Initiated With | public_token | public_token and organization_id OR slug |
| Redirect URL Used for Callback | Discovery | Login or Sign-up |
| Stytch Token Type | discovery_oauth | oauth |
| Authenticate Method | oauth.discovery.authenticate() | oauth.authenticate() |
| Access and Refresh Token | Retrieve via Get Access Token APIs after organization selection | Returned in the oauth.authenticate() response, or can be retrieved via Get Access Token APIs |
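As an added example (not code from the Stytch docs), the callback handler below uses the token-type and authenticate-method differences from the table to route a redirect to the correct authenticate call, and refuses a token whose type does not match the route it arrived on. It assumes the redirect carries `token` and `stytch_token_type` query parameters, that the injected client exposes `oauth.authenticate({ oauth_token })` and `oauth.discovery.authenticate({ discovery_oauth_token })`, and the response field names shown; the route paths are hypothetical.

```javascript
// Added example: dispatch a Stytch B2B OAuth callback to the right authenticate call.
// Assumptions (not stated on the page): the redirect carries `token` and
// `stytch_token_type` query parameters, and `client` exposes
// oauth.authenticate({ oauth_token }) and oauth.discovery.authenticate({ discovery_oauth_token }).

// Which Stytch token type each (hypothetical) callback route is allowed to accept.
// Registering one redirect URL per flow lets us reject a mismatch instead of guessing.
const EXPECTED_TOKEN_TYPE = {
  "/authenticate": "oauth",                     // Organization-specific Login / Sign-up redirect
  "/discovery/authenticate": "discovery_oauth", // Discovery redirect
};

async function handleOAuthCallback(callbackUrl, client) {
  const url = new URL(callbackUrl);
  const token = url.searchParams.get("token");
  const tokenType = url.searchParams.get("stytch_token_type");
  const expected = EXPECTED_TOKEN_TYPE[url.pathname];

  if (!expected) throw new Error(`unknown callback route ${url.pathname}`);
  if (!token) throw new Error("missing token");
  // A discovery token arriving at the org-specific route (or vice versa) is a
  // broken or tampered flow; fail closed rather than calling the other method.
  if (tokenType !== expected) {
    throw new Error(`token type ${tokenType} not accepted at ${url.pathname}`);
  }

  if (tokenType === "discovery_oauth") {
    const res = await client.oauth.discovery.authenticate({ discovery_oauth_token: token });
    // Discovery stops one step short of an Organization session: the caller must
    // present discovered_organizations and exchange the intermediate session token.
    return {
      flow: "discovery",
      organizations: res.discovered_organizations,
      intermediateSessionToken: res.intermediate_session_token,
    };
  }

  const res = await client.oauth.authenticate({ oauth_token: token });
  // Organization-specific flow finishes here with a Member session.
  return {
    flow: "organization",
    memberId: res.member_id,
    organizationId: res.organization_id,
    sessionToken: res.session_token,
  };
}
```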