/
Contact usSee pricingStart building
Node
​

    About Stytch

    Introduction
    Integration Approaches
      Full-stack overview
      Frontend (pre-built UI)
      Frontend (headless)
      Backend
    Migrations
      Migration overview
      Migrating users statically
      Migrating users dynamically
      Additional migration considerations
      Zero-downtime deployment
      Defining external IDs for users
      Exporting from Stytch
    Custom Domains
      Overview

    Authentication

    DFP Protected Auth
      Overview
      Setting up DFP Protected Auth
      Handling challenges
    Magic Links

    • Email Magic Links

        • Getting started with the API
        Getting started with the SDK
        Replacing your password reset flow
        Building an invite user flow
        Add magic links to an existing auth flow
        Adding PKCE to a Magic Link flow
        Magic Link redirect routing

    • Embeddable Magic Links

        • Getting started with the API
    MFA
      Overview
      Backend integration
      Frontend integration
    Mobile Biometrics
      Overview
    M2M Authentication
      Authenticate an M2M Client
      Rotate client secrets
      Import M2M Clients from Auth0
    OAuth

    • Identity providers

        • Overview
        Provider setup
      Getting started with the API (Google)
      Add Google One Tap via the SDK
      Email address behavior
      Adding PKCE to an OAuth flow
    Connected AppsBeta
      Setting up Connected Apps
      About Remote MCP Servers

    • Resources

        • Integrate with AI agents
        Integrate with MCP servers
        Integrate with CLI Apps
    Passcodes
      Getting started with the API
      Getting started with the SDK

    • Toll fraud

        • What is SMS toll fraud?
        How you can prevent toll fraud
      Unsupported countries
    Passkeys & WebAuthn

    • Passkeys

        • Passkeys overview
        Set up Passkeys with the frontend SDK

    • WebAuthn

        • Getting started with the API
        Getting started with the SDK
    Passwords
      Getting started with the API
      Getting started with the SDK
      Password strength policy

    • Email verification

        • Overview
        Email verification before password creation
        Email verification after password creation
    Sessions
      How to use sessions
      Backend integrations
      Frontend integrations
      Custom claims
      Custom claim templates
      Session tokens vs JWTs
      How to use Stytch JWTs
    TOTP
      Getting started with the API
      Getting started with the SDK
    Web3
      Getting started with the API
      Getting started with the SDK

    Authorization

    Implement RBAC with metadata

    3rd Party Integrations

    Planetscale
    Supabase
    Feathery
    Unit

    Testing

    E2E testing
    Sandbox values
Get support on SlackVisit our developer forum

Contact us

Consumer Authentication

/

Guides

/

Authentication

/

OAuth

/

Identity providers

/

Overview

Identity provider overview

Identity providers (IdPs), like Google, Apple, and GitHub, maintain user identity information and offer authentication services to developers and applications, so called relying parties.

OAuth consent start screen

This let's your users use a Single Sign-On (SSO) to login to your app without going through the extra step of creating an identity directly with your app.

In addition to offering identity management, IdPs often expose extensive functionality in their platform via API, e.g. reading and creating Google Calendar events or creating repos within GitHub. When you use Stytch OAuth, we automatically initiate a session with the IdP and return the necessary tokens to build on top of the provider's API.

Identity provider details table

Even though OAuth is a standard, IdPs can sometimes vary in data models and nomenclature within their own implementations. Stytch normalizes values and behavior as much as possible to ensure that you have a smooth integration with whichever providers you use.

The table below lists each OAuth provider we support and lets you know which values you should expect to see returned for each provider and the default session length. "—" indicates that the value is not applicable to the provider in question.

The access_token will be used to authenticate calls for a given user with the provider.

The refresh_token, if returned, will allow you to refresh a given session and keep it active. If the session lapses, you'll need to prompt the user to log in again via Stytch with the provider.

A JSON Web Token (jwt) offers a collection of information about a given session. Read more about JWTs returned by each provider in their section below.

Google offers two pathways for a user to authenticate, a traditional OAuth flow with a consent pane, or via Google One Tap. If a user enters through the Google One Tap flow, you will only receive a jwt and no access_token or refresh_token; you will not be able to leverage Google's API.

DEFAULT SCOPES

  • open_id
  • email
  • profile

RESOURCES

Stytch API referenceGmail API documentation

Log in with Amazon lets users log in with their Amazon customer accounts and offers data like name, email address, and zip code to build a more personalized experience.

DEFAULT SCOPES

  • profile

RESOURCES

Stytch API referenceAmazon scopesLog in with Amazon overview

Allow your users to log in with their Apple accounts. Apple does not offer any additional scopes. Note that Apple allows users to obfuscate their email address, and you may receive an email address like h79gps7k78@privaterelay.appleid.com. See the Resources section below to learn more.

DEFAULT SCOPES

  • name
  • email

RESOURCES

Stytch API referenceSign in with Apple overviewHow Hide my Email works

Log in with Bitbucket let's you build exciting tools on top of Atlassian's Bitbucket source control product.

DEFAULT SCOPES

  • account
  • email

RESOURCES

Stytch API referenceBitbucket scopesBitbucket API documentation

Log in with Coinbase let's users easily and securely sign in to your app and lets you integrate Coinbase supported cryptocurrencies into your applications.

DEFAULT SCOPES

  • account
  • email

RESOURCES

Stytch API referenceCoinbase scopesCoinbase API documentation

Discord OAuth login allows users to log into your app with their Discord account.

DEFAULT SCOPES

  • identify
  • email

RESOURCES

Stytch API referenceDiscord scopesDiscord API documentation

Facebook Login is a fast and convenient way for your users to create accounts and log into your app.

DEFAULT SCOPES

  • public_profile
  • email

RESOURCES

Stytch API referenceFacebook scopesFacebook API documentation

GitHub OAuth allows you to reach developers where they are and build amazing functionality on top of GitHub's API.

DEFAULT SCOPES

  • user:email

RESOURCES

Stytch API referenceGitHub scopesGitHub API documentation

GitLab OAuth unlocks amazing functionality within GitLab's fully featured API.

DEFAULT SCOPES

  • open_id
  • email
  • profile

RESOURCES

Stytch API referenceGitLab scopesGitLab API documentation

Log in via LinkedIn enables your application to reach the world's largest professional network.

DEFAULT SCOPES

  • r_liteprofile
  • r_emailaddress

RESOURCES

Stytch API referenceLinkedIn scopesLinkedIn API documentation

Log in with Microsoft helps your users sign in easily with their corporate or person Microsoft accounts and lets you leverage Microsoft's Graph API. *To receive a refresh_token, request the offline_access custom scopes value.

DEFAULT SCOPES

  • open_id
  • email
  • profile

RESOURCES

Stytch API referenceMicrosoft scopesMicrosoft API documentationoffline_access Custom scope

Log in with Salesforce let's your users log in with their Salesforce accounts.

DEFAULT SCOPES

  • id
  • openid

RESOURCES

Stytch API referenceSalesforce scopesSalesforce API documentation

Log in with Slack let's your users log in with their Slack accounts.

DEFAULT SCOPES

  • openid
  • email
  • profile

RESOURCES

Stytch API referenceSlack scopesSlack API documentation

Log in with Twitch let's your users log in with their Twitch accounts.

DEFAULT SCOPES

  • account
  • email

RESOURCES

Stytch API referenceTwitch scopesTwitch API documentation

Log in with Yahoo let's your users log in with their Yahoo accounts.

DEFAULT SCOPES

  • account
  • email
  • profile

RESOURCES

Stytch API referenceYahoo API documentation