Consumer Authentication

/

Guides

/

Authentication

/

OAuth

/

Identity provider overview

Identity provider overview

Identity providers (IdPs), like Google, Apple, and GitHub, maintain user identity information and offer authentication services to developers and applications, so called relying parties.

OAuth consent start screen

This let's your users use a Single Sign-On (SSO) to login to your app without going through the extra step of creating an identity directly with your app.

In addition to offering identity management, IdPs often expose extensive functionality in their platform via API, e.g. reading and creating Google Calendar events or creating repos within GitHub. When you use Stytch OAuth, we automatically initiate a session with the IdP and return the necessary tokens to build on top of the provider's API.

Identity provider details table

Even though OAuth is a standard, IdPs can sometimes vary in data models and nomenclature within their own implementations. Stytch normalizes values and behavior as much as possible to ensure that you have a smooth integration with whichever providers you use.

The table below lists each OAuth provider we support and lets you know which values you should expect to see returned for each provider and the default session length. "—" indicates that the value is not applicable to the provider in question.

The access_token will be used to authenticate calls for a given user with the provider.

The refresh_token, if returned, will allow you to refresh a given session and keep it active. If the session lapses, you'll need to prompt the user to log in again via Stytch with the provider.

A JSON Web Token (jwt) offers a collection of information about a given session. Read more about JWTs returned by each provider in their section below.

Google offers two pathways for a user to authenticate, a traditional OAuth flow with a consent pane, or via Google One Tap. If a user enters through the Google One Tap flow, you will only receive a jwt and no access_token or refresh_token; you will not be able to leverage Google's API.

DEFAULT SCOPES

  • open_id
  • email
  • profile

RESOURCES

Stytch API referenceGmail API documentation

Log in with Amazon lets users log in with their Amazon customer accounts and offers data like name, email address, and zip code to build a more personalized experience.

DEFAULT SCOPES

  • profile

RESOURCES

Stytch API referenceAmazon scopesLog in with Amazon overview

Allow your users to log in with their Apple accounts. Apple does not offer any additional scopes. Note that Apple allows users to obfuscate their email address, and you may receive an email address like h79gps7k78@privaterelay.appleid.com. See the Resources section below to learn more.

DEFAULT SCOPES

  • name
  • email

RESOURCES

Stytch API referenceSign in with Apple overviewHow Hide my Email works

Log in with Bitbucket let's you build exciting tools on top of Atlassian's Bitbucket source control product.

DEFAULT SCOPES

  • account
  • email

RESOURCES

Stytch API referenceBitbucket scopesBitbucket API documentation

Log in with Coinbase let's users easily and securely sign in to your app and lets you integrate Coinbase supported cryptocurrencies into your applications.

DEFAULT SCOPES

  • account
  • email

RESOURCES

Stytch API referenceCoinbase scopesCoinbase API documentation

Discord OAuth login allows users to log into your app with their Discord account.

DEFAULT SCOPES

  • identify
  • email

RESOURCES

Stytch API referenceDiscord scopesDiscord API documentation

Facebook Login is a fast and convenient way for your users to create accounts and log into your app.

DEFAULT SCOPES

  • public_profile
  • email

RESOURCES

Stytch API referenceFacebook scopesFacebook API documentation

GitHub OAuth allows you to reach developers where they are and build amazing functionality on top of GitHub's API.

DEFAULT SCOPES

  • user:email

RESOURCES

Stytch API referenceGitHub scopesGitHub API documentation

GitLab OAuth unlocks amazing functionality within GitLab's fully featured API.

DEFAULT SCOPES

  • open_id
  • email
  • profile

RESOURCES

Stytch API referenceGitLab scopesGitLab API documentation

Log in via LinkedIn enables your application to reach the world's largest professional network.

DEFAULT SCOPES

  • r_liteprofile
  • r_emailaddress

RESOURCES

Stytch API referenceLinkedIn scopesLinkedIn API documentation

Log in with Microsoft helps your users sign in easily with their corporate or person Microsoft accounts and lets you leverage Microsoft's Graph API. *To receive a refresh_token, request the offline_access custom scopes value.

DEFAULT SCOPES

  • open_id
  • email
  • profile

RESOURCES

Stytch API referenceMicrosoft scopesMicrosoft API documentationoffline_access Custom scope

Log in with Salesforce let's your users log in with their Salesforce accounts.

DEFAULT SCOPES

  • id
  • openid

RESOURCES

Stytch API referenceSalesforce scopesSalesforce API documentation

Log in with Slack let's your users log in with their Slack accounts.

DEFAULT SCOPES

  • openid
  • email
  • profile

RESOURCES

Stytch API referenceSlack scopesSlack API documentation

Log in with Twitch let's your users log in with their Twitch accounts.

DEFAULT SCOPES

  • account
  • email

RESOURCES

Stytch API referenceTwitch scopesTwitch API documentation

Log in with Yahoo let's your users log in with their Yahoo accounts.

DEFAULT SCOPES

  • account
  • email
  • profile

RESOURCES

Stytch API referenceYahoo API documentation