/
Contact usSee pricingStart building

    About B2B Saas Authentication

    Introduction
    Stytch B2B Basics
    Integration Approaches
      Full-stack overview
      Frontend (pre-built UI)
      Frontend (headless)
      Backend
    Next.js
      Routing
      Authentication
      Sessions
    Migrations
      Overview
      Reconciling data models
      Migrating user data
      Additional migration considerations
      Zero-downtime deployment
      Exporting from Stytch

    Authentication

    Single Sign On

    • Resources

        • Overview

    • Integration Guides

        • Start here
        Backend integration guide
        Headless integration guide
        Pre-built UI integration guide
    OAuth

    • Resources

        • Overview
        Authentication flows
        Identity providers
        Google One Tap
        Provider setup

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Sessions

    • Resources

        • Overview
        JWTs vs Session Tokens
        How to use Stytch JWTs
        Custom Claims

    • Integration Guides

        • Start here
        Backend integration
        Frontend integration
    Email OTP
      Overview
    Magic Links

    • Resources

        • Overview
        Email Security Scanner Protections

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Multi-Factor Authentication

    • Resources

        • Overview

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Passwords
      Overview
      Strength policies
    UI components
      Overview
      Implement the Discovery flow
      Implement the Organization flow
    DFP Protected Auth
      Overview
      Setting up DFP Protected Auth
      Handling challenges
    M2M Authentication
      Authenticate an M2M Client
      Rotate client secrets
      Import M2M Clients from Auth0

    Authorization & Provisioning

    RBAC

    • Resources

        • Overview
        Stytch Resources & Roles
        Role assignment

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
    SCIM

    • Resources

        • Overview
        Supported actions

    • Integration Guides

        • Using Okta
        Using Microsoft Entra
    Organizations
      Managing org settings
      JIT Provisioning

    Testing

    E2E testing
    Sandbox values

Get support on Slack

Visit our developer forum

Contact us

B2B Saas Authentication

/

Guides

/

Authentication

/

OAuth

/

Resources

/

Provider setup

OAuth Provider Setup

Google

Follow these steps if you have not created a Google OAuth client yet.

  1. Create a Google Cloud account and project if you have not already done so.
  2. Configure your OAuth consent screen if you have not already done so. More info
  3. Go to the Google Credentials page for your application. Click on CREATE CREDENTIALS and then select OAuth Client ID. Google Create Credentials
  4. Select Web Application as the application type (regardless of if it is a mobile or non-web application) and enter a name for your OAuth client.
  5. Copy-paste the Redirect URI from the Dashboard into your OAuth configuration under the Authorized redirect URIs section. Google Authorized Redirect URIs
  6. Click create to save the configuration.
  7. Optional: If you want the Stytch SDK to support Google One Tap, add your application's URI as an Authorized JavaScript Origin. Read more about One Tap. Google Authorized Javascript Origins

Follow these steps if you already have an existing Google OAuth client.

  1. Go to the Google Credentials page for your application. You should see your OAuth client under the OAuth 2.0 Client IDs section. Google Create Credentials
  2. Click on the OAuth client to edit its configuration.
  3. Copy-paste the Redirect URI from the Dashboard into your OAuth configuration under the Authorized redirect URIs section. Google Authorized Redirect URIs
  4. Click to save the configuration.
  5. Optional: If you want the Stytch SDK to support Google One Tap, add your application's URI as an Authorized JavaScript Origin. Read more about One Tap. Google Authorized Javascript Origins

GitHub

Follow these steps if you have not created a Github OAuth client yet.

  1. Navigate to Github OAuth Applications. For more information, check out Github's Creating an OAuth App guide here.
  2. Click New OAuth App or Register a new application depending on if you have other applications or not.
  3. Copy-paste the Redirect URI from the Dashboard into the Authorization callback URL field Fill in remaining fields how you see fit.

Follow these steps if you already have an existing Github OAuth client.

  1. Navigate to Github OAuth Applications. If you're using an organization OAuth Application, navigate to the organization's Developer Settings tab. Note: this requires admin privileges.
  2. Click on the application you'd like to use.
  3. Copy-paste the Redirect URI from the Dashboard into the Authorization callback URL field.

Hubspot

Follow these steps if you have not created a Hubspot OAuth client yet.

  1. Create or navigate to your Hubspot developer account.
  2. Go to the "Apps" tab and click "Create app".
  3. In the "Auth" tab of the App creation screen, scroll down to "Redirect URLs".
  4. Copy-paste the Redirect URI from the Dashboard and use it to populate a Redirect URL in the App configuration.
  5. Complete the creation of your App by clicking "Create App" at the bottom of the page.

Follow these steps if you already have an existing Hubspot OAuth client.

  1. Navigate to your Hubspot account. Go to the "Apps" tab and click on your app.
  2. Click on the "Auth" tab and scroll down to "Redirect URLs".
  3. Copy-paste the Redirect URI from the Dashboard and use it to populate a Redirect URL in the App configuration.

Microsoft

Follow these steps if you have not created a Microsoft OAuth client yet.

  1. Create a Microsoft Azure account if you have not already done so.
  2. Navigate to Azure Active Directory to create a Microsoft application.
  3. Click New registration. New Microsoft Registration
  4. Enter a name for your OAuth client.
  5. Select "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)". Select Account Type
  6. Under the Redirect URI section, select Web and then copy-paste the Redirect URI from the Dashboard into the URI field. Redirect URI
  7. Click Register to save the configuration.

Follow these steps if you already have an existing Microsoft OAuth client.

  1. Navigate to Azure Active Directory and select your Microsoft application.
  2. Ensure that the Supported account types section is set to "All microsoft account users". If it’s not, navigate to the Manifest tab, set the "signInAudience" value to "AzureADandPersonalMicrosoftAccount", and save. Supported Account Types Sign in audience
  3. In your OAuth client configuration, select the link next to the Redirect URIs section. Then select Add a platform and finally select Web. Add a redirect URI Add a platform
  4. Copy-paste the Redirect URI from the Dashboard into the URI field. Configure redirect URIs
  5. Click Configure to save the URI.

Slack

Follow these steps if you have not created a Slack OAuth client yet.

  1. Navigate to Slack OAuth Applications. For more information, check out Slack's Creating an OAuth App guide here.
  2. Select Create New App and choose to create it From scratch. Enter desired App Name and Slack Workspace.
  3. You will be redirected to the configuration page for your new App. On the left-hand sidebar, navigate to OAuth & Permissions.
  4. Scroll down to Redirect URLs and click Add New Redirect URL. Copy-paste the Redirect URI from the Dashboard, then click Save URLs.
  5. In the Scopes section under User Token Scopes add at least the following scopes: users:read, users:read.email.

Follow these steps if you already have an existing Slack OAuth client.

  1. Navigate to Slack OAuth Applications and select the OAuth App you will be using.
  2. On the left-hand sidebar, navigate to OAuth & Permissions.
  3. Scroll down to Redirect URLs and click Add New Redirect URL. Copy-paste the Redirect URI from the Dashboard, then click Save URLs.
  4. In the Scopes section under User Token Scopes add at least the following scopes: users:read, users:read.email.

Google

GitHub

Hubspot

Microsoft

Slack