Identity provider details
Even though OAuth is a standard, IdPs can sometimes vary in data models and nomenclature within their own implementations. Stytch normalizes values and behavior as much as possible to ensure that you have a smooth integration with whichever providers you use. The list below lists each OAuth provider we support and lets you know which values you should expect to see returned for each provider and the default session length. ”—” indicates that the value is not applicable to the provider in question.| Provider | access_token | refresh_token | jwt | Session length |
|---|---|---|---|---|
| Returned | Returned | Returned* | 1 hour | |
| Amazon | Returned | Returned | — | 24 hours |
| Apple | Returned | Returned | — | Until revoked |
| Bitbucket | Returned | Returned | — | 2 hours |
| Coinbase | Returned | Returned | — | 2 hours |
| Discord | Returned | Returned | — | 7 days |
| Facebook (Meta) | Returned | — | — | 2 months |
| GitHub | Returned | — | — | Until revoked |
| GitLab | Returned | Returned | — | 2 hours |
| Returned | Returned | — | 60 days | |
| Microsoft | Returned | Returned* | — | 60-90 minutes |
| Salesforce | Returned | — | — | Until revoked |
| Slack | Returned | — | — | Until revoked |
| Twitch | Returned | Returned | — | 60 days |
| Yahoo | Returned | Returned | Returned | 1 hour |
Google
Google offers two pathways for a user to authenticate, a traditional OAuth flow with a consent pane, or via Google One Tap. If a user enters through the Google One Tap flow, you will only receive a
jwt and no access_token or refresh_token; you will not be able to leverage Google’s API.Default Scopesopen_idemailprofile
Amazon
Amazon
Log in with Amazon lets users log in with their Amazon customer accounts and offers data like name, email address, and zip code to build a more personalized experience.Default Scopes
profile
Apple
Apple
Allow your users to log in with their Apple accounts. Apple does not offer any additional scopes. Note that Apple allows users to obfuscate their email address, and you may receive an email address like
h79gps7k78@privaterelay.appleid.com. See the Resources section below to learn more.Default Scopesnameemail
Bitbucket
Bitbucket
Log in with Bitbucket let’s you build exciting tools on top of Atlassian’s Bitbucket source control product.Default Scopes
accountemail
Coinbase
Coinbase
Log in with Coinbase let’s users easily and securely sign in to your app and lets you integrate Coinbase supported cryptocurrencies into your applications.Default Scopes
accountemail
Discord
Discord
Discord OAuth login allows users to log into your app with their Discord account.Default Scopes
identifyemail
Facebook
Facebook OAuth login allows users to log into your app with their Facebook account.Default Scopes
public_profileemail
GitHub
GitHub
GitHub OAuth login allows users to log into your app with their GitHub account.Default Scopes
user:email
GitLab
GitLab
GitLab OAuth login allows users to log into your app with their GitLab account.Default Scopes
open_idemailprofile
LinkedIn
LinkedIn OAuth login allows users to log into your app with their LinkedIn account.Default Scopes
r_liteprofiler_emailaddress
Microsoft
Microsoft
Log in with Microsoft helps your users sign in easily with their corporate or person Microsoft accounts and lets you leverage Microsoft’s Graph API.Default Scopes
open_idemailprofile
Salesforce
Salesforce
Log in with Salesforce let’s your users log in with their Salesforce accounts.Default Scopes
idopenid
Slack
Slack
Log in with Slack let’s your users log in with their Slack accounts.Default Scopes
openidemailprofile
Twitch
Twitch
Log in with Twitch let’s your users log in with their Twitch accounts.Default Scopes
accountemail
Yahoo
Yahoo
Log in with Yahoo let’s your users log in with their Yahoo accounts.Default Scopes
accountemailprofile