/
Contact usSee pricingStart building
Node
​

    About Stytch

    Introduction
    Integration Approaches
      Full-stack overview
      Frontend (pre-built UI)
      Frontend (headless)
      Backend
    Migrations
      Migration overview
      Migrating users statically
      Migrating users dynamically
      Additional migration considerations
      Zero-downtime deployment
      Exporting from Stytch

    Authentication

    DFP Protected Auth
      Overview
      Setting up DFP Protected Auth
      Handling challenges
    Magic Links

    • Email Magic Links

        • Getting started with the API
        Getting started with the SDK
        Replacing your password reset flow
        Building an invite user flow
        Add magic links to an existing auth flow
        Adding PKCE to a Magic Link flow
        Magic Link redirect routing

    • Embeddable Magic Links

        • Getting started with the API
    MFA
      Overview
      Backend integration
      Frontend integration
    Mobile Biometrics
      Overview
    M2M Authentication
      Authenticate an M2M Client
      Rotate client secrets
      Import M2M Clients from Auth0
    OAuth

    • Identity providers

        • Overview
        Provider setup
      Getting started with the API (Google)
      Add Google One Tap via the SDK
      Email address behavior
      Adding PKCE to an OAuth flow
    Passcodes
      Getting started with the API
      Getting started with the SDK

    • Toll fraud

        • What is SMS toll fraud?
        How you can prevent toll fraud
      Unsupported countries
    Passkeys & WebAuthn

    • Passkeys

        • Passkeys overview
        Set up Passkeys with the frontend SDK

    • WebAuthn

        • Getting started with the API
        Getting started with the SDK
    Passwords
      Getting started with the API
      Getting started with the SDK
      Password strength policy

    • Email verification

        • Overview
        Email verification before password creation
        Email verification after password creation
    Sessions
      How to use sessions
      Session management examples
      Custom claims
      Custom claim templates
      Session tokens vs JWTs
      How to use Stytch JWTs
    TOTP
      Getting started with the API
      Getting started with the SDK
    Web3
      Getting started with the API
      Getting started with the SDK

    Authorization

    Implement RBAC with metadata

    3rd Party Integrations

    Planetscale
    Supabase
    Feathery
    Unit

    Testing

    E2E testing
    Sandbox values

Get support on Slack

Visit our developer forum

Contact us

Consumer Authentication

/

Guides

/

Authentication

/

OAuth

/

Identity providers

/

Provider setup

OAuth Provider Setup

Google

Follow these steps if you have not created a Google OAuth client yet.

  1. Create a Google Cloud account and project if you have not already done so.
  2. Configure your OAuth consent screen if you have not already done so. More info
  3. Go to the Google Credentials page for your application. Click on CREATE CREDENTIALS and then select OAuth Client ID. Google Create Credentials
  4. Select Web Application as the application type (regardless of if it is a mobile or non-web application) and enter a name for your OAuth client.
  5. Copy-paste the Redirect URI from the Dashboard into your OAuth configuration under the Authorized redirect URIs section. Google Authorized Redirect URIs
  6. Click create to save the configuration.
  7. Optional: If you want the Stytch SDK to support Google One Tap, add your application's URI as an Authorized JavaScript Origin. Read more about One Tap. Google Authorized Javascript Origins

Follow these steps if you already have an existing Google OAuth client.

  1. Go to the Google Credentials page for your application. You should see your OAuth client under the OAuth 2.0 Client IDs section. Google Create Credentials
  2. Click on the OAuth client to edit its configuration.
  3. Copy-paste the Redirect URI from the Dashboard into your OAuth configuration under the Authorized redirect URIs section. Google Authorized Redirect URIs
  4. Click to save the configuration.
  5. Optional: If you want the Stytch SDK to support Google One Tap, add your application's URI as an Authorized JavaScript Origin. Read more about One Tap. Google Authorized Javascript Origins

Amazon

Follow these steps if you have not created a Amazon OAuth client yet.

  1. Navigate to Login with Amazon OAuth Applications. For more information, check out Amazon's Login With Amazon guide here.
  2. Click Create a New Security Profile with your application name, description, and privacy notice URL. Then click the gear icon and select web settings for your security profile.
  3. Copy-paste the Redirect URI from the Dashboard into the Allowed Return URLs section by clicking Edit.

Follow these steps if you already have an existing Amazon OAuth client.

  1. Navigate to Login with Amazon OAuth Applications.
  2. Click the gear icon and select web settings for your security profile.
  3. Navigate to web settings for your application.
  4. Copy-paste the Redirect URI from the Dashboard into the Allowed Return URLs section by clicking Edit.

Apple

If you don’t already have an Apple Developer account with an app set up, begin at Step 1. If you already have an account and an App ID, skip ahead to Step 5.

  1. Create an Apple Developer account if you have not already done so. You will need an Apple ID with two-factor authentication turned on.
  2. Log in to your App Store Connect account with your Apple ID.
  3. In the developer portal, go to your Identifiers page. Click the blue plus sign next to the "Identifiers" header to create a new identifier. Register this identifier as an App ID and click Continue. Then, select the type App and click Continue. Apple Select App Type
  4. Create a description for this App ID that allows you to identify it easily, and a bundle ID that’s a reverse-domain style string. For example, if your domain is yourcompany.com, and your app is called your app, your reverse-domain bundle ID should be com.yourcompany.yourapp. Under the Capabilities section, check the box for "Sign in with Apple" and make sure that “Enable as a primary App ID” is selected. Click Continue and then Register to create your App ID. Apple Configure App ID
  5. Navigate to the Identifiers page and click the blue plus sign next to the "Identifiers" header. Register this identifier as a Service ID and click Continue.
  6. Create a description for this Service ID that allows you to identify it easily, and an Identifier that’s a reverse-domain style string (e.g. com.yourcompany.yourservice). The identifier must be different from any identifier you’ve used for a Service ID or App ID in the past. Click Continue, and if everything looks good on the next screen, click Register.
  7. Upon registering your new Service ID, you will be taken back to your developer portal's Service IDs list. Click on the Service ID that you just created. Enable "Sign in with Apple" and click Configure. Apple Configure Service ID
  8. Select the relevant App ID for the Primary App ID field. Enter a list of domains and subdomains for your app in the "Website URLs > Domains and Subdomains" section. These should contain just the domain, not the “https://” in front of it (e.g. just "example.com"). Enter all domains that your app will redirect to here.
  9. Finally, in the "Website URLs > Return URLs" section, copy and paste the Redirect URI from the Dashboard. When you're finished, click Done, then Continue, then Save. Apple Return URL

Bitbucket

Follow these steps if you have not created a Bitbucket OAuth client yet.

  1. Navigate to Bitbucket Workspace Applications. For more information, check out Bitbucket's Creating an OAuth App guide here.
  2. Click OAuth consumers under Apps and features on the left navigation.
  3. Click Add consumer with your application name.
  4. Copy-paste the Redirect URI from the Dashboard into the Callback URL.
  5. Select at least Account Email and Read permissions.

Follow these steps if you already have an existing Bitbucket OAuth client.

  1. Navigate to Bitbucket Workspace Applications.
  2. On the application you'd like to use click the three dots on the right-hand side and press edit.
  3. Copy-paste the Redirect URI from the Dashboard into the Callback URL.

Coinbase

Follow these steps if you have not created a Coinbase OAuth client yet.

  1. Navigate to your OAuth Applications. For more information, check out Coinbase's Sign In with Coinbase guide.
  2. Click New OAuth2 Application with your application name, URL, description, and icon.
  3. Copy-paste the Redirect URI from the Dashboard into the Permitted Redirect URLs section.
  4. Click yes or no to each of the remittance questions and accept the terms and conditions.
  5. Click Create Application.

Follow these steps if you already have an existing Coinbase OAuth client.

  1. Navigate to your OAuth Applications.
  2. Click on the application you'd like to use and click Edit.
  3. Copy-paste the Redirect URI from the Dashboard into the Permitted Redirect URLs section and save.

Discord

Follow these steps if you have not created a Discord OAuth client yet.

  1. Navigate to Discord OAuth Applications. For more information, check out Discord's Creating an OAuth App guide here.
  2. Create a New Application with your application name. Then navigate to OAuth2 > General in the left hand sidebar.
  3. Copy-paste the Redirect URI from the Dashboard into the Redirect section by clicking Add Redirect.

Follow these steps if you already have an existing Discord OAuth client.

  1. Navigate to Discord OAuth Applications.
  2. Click on the application you'd like to use and press edit.
  3. Navigate to OAuth2 > General for your application.
  4. Update the Redirects by copy-pasting the Redirect URI from the Dashboard.

Facebook

Follow these steps if you have not created a Facebook OAuth client yet.

  1. Navigate to your Facebook (Meta) applications.
  2. Click Create App, choose Business, Consumer, Gaming, or None from the app type list.
  3. Click Next, fill out the details and click Create app.
  4. In the list of products, find Facebook Login and click Set up.
  5. Ignore the quickstart menu. Instead on the left pane under Facebook Login, click Settings. Facebook Login Settings
  6. Copy-paste the Redirect URI from the Dashboard into the list of Valid OAuth Redirect URIs. Fill in remaining fields how you see fit. Then click Save changes in the bottom right corner.

Follow these steps if you already have an existing Facebook OAuth client.

  1. Navigate to your Facebook (Meta) applications.
  2. Click on the application you'd like to use.
  3. In the list of products, find Facebook Login and click Set up.
  4. On the left pane, under Facebook Login, click Settings. Facebook Login Settings
  5. Copy-paste the Redirect URI from the Dashboard into the list of Valid OAuth Redirect URIs. Fill in remaining fields how you see fit. Then click Save changes in the bottom right corner.

Figma

Follow these steps if you have not created a Figma OAuth client yet.

  1. Navigate to Figma Workspace Applications. For more information, check out Figma's Authentication guide here.
  2. Create a new app with your application name, url, and logo.
  3. Copy-paste the Redirect URI from the Dashboard into the Callbacks section by clicking Add callback.
  4. Save your app.
  5. Copy the Client ID and Client Secret - this is the only time you can save the client secret for your app.

Follow these steps if you already have an existing Figma OAuth client.

  1. Navigate to Figma Workspace Applications.
  2. Click edit for your application.
  3. Copy-paste the Redirect URI from the Dashboard into the Callbacks section by clicking Add callback.

GitHub

Follow these steps if you have not created a Github OAuth client yet.

  1. Navigate to Github OAuth Applications. For more information, check out Github's Creating an OAuth App guide here.
  2. Click New OAuth App or Register a new application depending on if you have other applications or not.
  3. Copy-paste the Redirect URI from the Dashboard into the Authorization callback URL field Fill in remaining fields how you see fit.

Follow these steps if you already have an existing Github OAuth client.

  1. Navigate to Github OAuth Applications. If you're using an organization OAuth Application, navigate to the organization's Developer Settings tab. Note: this requires admin privileges.
  2. Click on the application you'd like to use.
  3. Copy-paste the Redirect URI from the Dashboard into the Authorization callback URL field.

Gitlab

Follow these steps if you have not created a Gitlab OAuth client yet.

  1. Navigate to Gitlab OAuth Applications. For more information, check out GitLab's Creating an OAuth App guide here.
  2. Create a New Application with the name, redirect uri, and desired scopes. You must include the openid, email, and profile scopes.
  3. Copy-paste the Redirect URI from the Dashboard into the Redirect URI field. Fill in remaining fields how you see fit.

Follow these steps if you already have an existing Gitlab OAuth client.

  1. Navigate to Gitlab OAuth Applications.
  2. Click on the application you'd like to use and press edit.
  3. Copy-paste the Redirect URI from the Dashboard into the Redirect URL. Under Scopes, make sure openid, email, and profile are selected.

LinkedIn

Follow these steps if you have not created a LinkedIn OAuth client yet.

  1. Navigate to LinkedIn OAuth Applications. For more information, check out LinkedIn's Creating an OAuth App guide here.
  2. Click Create app with your application name. Then navigate to Auth in the application menubar.
  3. Copy-paste the Redirect URI from the Dashboard into the Authorized redirect URLs for your app section by clicking the pencil icon.

Follow these steps if you already have an existing LinkedIn OAuth client.

  1. Navigate to LinkedIn OAuth Applications.
  2. Click on the application you'd like to use.
  3. Navigate to Auth in the application menubar.
  4. Update the Authorized redirect URLs for your app by copy-pasting the Redirect URI from the Dashboard.

Microsoft

Follow these steps if you have not created a Microsoft OAuth client yet.

  1. Create a Microsoft Azure account if you have not already done so.
  2. Navigate to Azure Active Directory to create a Microsoft application.
  3. Click New registration. New Microsoft Registration
  4. Enter a name for your OAuth client.
  5. Select "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)". Select Account Type
  6. Under the Redirect URI section, select Web and then copy-paste the Redirect URI from the Dashboard into the URI field. Redirect URI
  7. Click Register to save the configuration.

Follow these steps if you already have an existing Microsoft OAuth client.

  1. Navigate to Azure Active Directory and select your Microsoft application.
  2. Ensure that the Supported account types section is set to "All microsoft account users". If it’s not, navigate to the Manifest tab, set the "signInAudience" value to "AzureADandPersonalMicrosoftAccount", and save. Supported Account Types Sign in audience
  3. In your OAuth client configuration, select the link next to the Redirect URIs section. Then select Add a platform and finally select Web. Add a redirect URI Add a platform
  4. Copy-paste the Redirect URI from the Dashboard into the URI field. Configure redirect URIs
  5. Click Configure to save the URI.

Salesforce

Follow these steps if you have not created a Salesforce OAuth client yet.

  1. Navigate to your Applications or by going to Setup > App Manager. For more information, check out Salesforce's Authentication guide here.
  2. Create a New Connected App with your application name and contact email and phone number.
  3. Toggle Enable OAuth Settings in the API menu
  4. Copy-paste the Redirect URI from the Dashboard into the Callback URL section.
  5. Make sure to include at least Access the identity URL service (id, profile, email, address, phone) and Access unique user identifiers (openid) scopes.
  6. Check the Enable Client Credentials Flow checkbox.

Follow these steps if you already have an existing Salesforce OAuth client.

  1. Navigate to your project by clicking your application from your organizations app manager page.
  2. Copy-paste the Redirect URI from the Dashboard into the Callback URL section by clicking Enable OAuth Settings.

Slack

Follow these steps if you have not created a Slack OAuth client yet.

  1. Navigate to Slack OAuth Applications. For more information, check out Slack's Creating an OAuth App guide here.
  2. Select Create New App and choose to create it From scratch. Enter desired App Name and Slack Workspace.
  3. You will be redirected to the configuration page for your new App. On the left-hand sidebar, navigate to OAuth & Permissions.
  4. Scroll down to Redirect URLs and click Add New Redirect URL. Copy-paste the Redirect URI from the Dashboard, then click Save URLs.
  5. In the Scopes section under User Token Scopes add at least the following scopes: users:read, users:read.email.

Follow these steps if you already have an existing Slack OAuth client.

  1. Navigate to Slack OAuth Applications and select the OAuth App you will be using.
  2. On the left-hand sidebar, navigate to OAuth & Permissions.
  3. Scroll down to Redirect URLs and click Add New Redirect URL. Copy-paste the Redirect URI from the Dashboard, then click Save URLs.
  4. In the Scopes section under User Token Scopes add at least the following scopes: users:read, users:read.email.

Snapchat

Follow these steps if you have not created a Snapchat OAuth client yet.

  1. Navigate to Snapchat Applications. For more information, check out Snapchat's Authentication guide here.
  2. Create a New Project with your application name.
  3. Toggle Login Kit on at the bottom of the page. Select at least Display Name and Bitmoji Avatar.
  4. Copy-paste the Redirect URI from the Dashboard into the Redirect URI section and click Add URI.

Follow these steps if you already have an existing Snapchat OAuth client.

  1. Navigate to your project by clicking your application from your organizations manage page.
  2. Copy-paste the Redirect URI from the Dashboard into the OAuth Redirect URLs section by clicking Add.

Spotify

Follow these steps if you have not created a Spotify OAuth client yet.

  1. Navigate to your Spotify Applications. For more information, check out Spotify's Creating an OAuth App guide.
  2. Click Create an App with your application name and description. Then navigate to Edit settings in the application menubar.
  3. Copy-paste the Redirect URI from the Dashboard into the Redirect URLs section.

Follow these steps if you already have an existing Spotify OAuth client.

  1. Navigate to your Spotify Applications. Click on the application you'd like to use.
  2. Navigate to Edit settings in the application menubar.
  3. Copy-paste the Redirect URI from the Dashboard into the Redirect URLs section.

TikTok

Follow these steps if you have not created a TikTok OAuth client yet.

  1. Navigate to your TikTok Applications. For more information, check out TikTok's Authentication guide.
  2. Connect an app with your name, category, app icon, and description. Select your platforms.
  3. On the left-hand sidebar Add products, including at least Login Kit and TikTok API.
  4. Add links to your terms of service and privacy policy pages.
  5. Under Scopes we require at least user.info.basic. Add any additional scopes needed for your application.
  6. Copy-paste the Redirect URI from the Dashboard into the Redirect domain in the Login Kit section.
  7. Save changes for your app configuration, and then Submit for review. TikTok usually reviews new apps in 12-36 hours.

Follow these steps if you already have an existing TikTok OAuth client.

  1. Navigate to your application's manage pane, by clicking your application.
  2. Copy-paste the Redirect URI from the Dashboard into the Redirect domain in the Login Kit section.

Twitch

Follow these steps if you have not created a Twitch OAuth client yet.

  1. Navigate to your Twitch Console. For more information, check out Twitch's Authentication guide.
  2. Register Your Application with your application name.
  3. Copy-paste the Redirect URI from the Dashboard into the OAuth Redirect URLs section by clicking Add.

Follow these steps if you already have an existing Twitch OAuth client.

  1. Navigate to your application's manage pane, available in the right hand side bar of Twitch under Applications > Name of your application.
  2. Copy-paste the Redirect URI from the Dashboard into the OAuth Redirect URLs section by clicking Add.

Twitter

Follow these steps if you have not created a Twitter OAuth client yet.

  1. Signup for the Twitter API.
  2. Navigate to your Twitter Dashboard. For more information, check out Twitter's Authentication guide.
  3. Create App with your application name.
  4. Under User authentication settings, click Set up.
  5. Enable OAuth 2.0 Authentication by selecting Web App, Automated App or Bot.
  6. Copy-paste the Redirect URI from the Dashboard into the Callback URI / Redirect URL section.
  7. Add your website, terms of service, and privacy policy links, and click Save.

Follow these steps if you already have an existing Twitter OAuth client.

  1. Navigate to your application's User authentication settings, available in the right hand side bar of Twitter under Projects & Apps > Name of your application.
  2. Under User authentication settings, click Edit.
  3. Enable OAuth 2.0 Authentication by selecting Web App, Automated App or Bot.
  4. Copy-paste the Redirect URI from the Dashboard into the Callback URI / Redirect URL section.
  5. Add your website, terms of service, and privacy policy links, and click Save.

Yahoo

Follow these steps if you have not created a Yahoo OAuth client yet.

  1. After creating a Yahoo developer account, you can create a Yahoo OAuth application here. For more information, check out Yahoo's guide to receive your OAuth 2.0 credentials here.
  2. Create a New App with your application name and optional description and homepage URL.
  3. Copy-paste the Redirect URI from the Dashboard into the Redirect URLs section.
  4. Make sure to include OpenID Connect Permissions and ensure both Email and Profile are checked.

Follow these steps if you already have an existing Yahoo OAuth client.

  1. Navigate to your project by clicking your application from your organization's app page.
  2. Copy-paste the Redirect URI from the Dashboard into the Redirect URLs section.

Google

Amazon

Apple

Bitbucket

Coinbase

Discord

Facebook

Figma

GitHub

Gitlab

LinkedIn

Microsoft

Salesforce

Slack

Snapchat

Spotify

TikTok

Twitch

Twitter

Yahoo