OAuthProvider
Manages third-party authentication providers that allow users to sign in using their existing accounts from services like Google, Facebook, GitHub, or corporate systems like Active Directory. OAuth providers eliminate the need for users to create and remember yet another password by leveraging their existing trusted accounts. This entity stores the configuration needed to connect to each provider, including client credentials, endpoints, and permission scopes. It handles the complex OAuth flow, storing tokens securely and managing token refresh when they expire. Each provider can be configured with specific permissions (scopes) that determine what information the application can access from the user's third-party account. This is essential for 'Sign in with Google' buttons, enterprise Single Sign-On (SSO), and social login features that reduce friction during user registration and improve security by delegating authentication to established providers.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| providerName | string | stored | Unique identifier for the OAuth provider. Example: `google` | Required |
| displayName | string | stored | User-friendly name shown on login buttons. Example: `Google` | Required |
| providerType | string | enum | Category of authentication provider. Values shown in the examples below: `oauth2`, `oidc`. Example: `oauth2` | Optional |
| clientId | string | stored | Application's unique identifier registered with the provider. Example: `1234567890-abcdefg.apps.googleusercontent.com` | Required |
| clientSecret | string | stored | Secret key for authenticating with the provider (stored encrypted; never exposed to the browser) | Required |
| authorizationUrl | string | stored | URL where users are sent to grant permissions. Example: `https://accounts.google.com/o/oauth2/v2/auth` | Required |
| tokenUrl | string | stored | URL for exchanging authorization codes for access tokens. Example: `https://oauth2.googleapis.com/token` | Required |
| userInfoUrl | string | stored | URL to fetch user profile information. Example: `https://www.googleapis.com/oauth2/v2/userinfo` | Optional |
| scopes | string[] | stored | Permissions requested from the provider. Example: `["openid", "email", "profile"]` | Optional |
| redirectUri | string | stored | URL where the provider sends users after authentication; must exactly match the URI registered with the provider. Example: `https://myapp.com/auth/google/callback` | Required |
| iconUrl | string | stored | Provider's logo for display on the login page. Example: `https://myapp.com/icons/google.svg` | Optional |
| buttonColor | string | stored | Brand color for the login button. Example: `#4285F4` | Optional |
| isEnabled | boolean | stored | Whether this provider is available for login | Optional |
| isDefault | boolean | stored | Whether this is the preferred login method | Optional |
| allowSignup | boolean | stored | Whether new users can register via this provider | Optional |
| autoLinkAccounts | boolean | stored | Automatically link accounts with matching email addresses | Optional |
| userFieldMapping | object | stored | Maps provider fields to application user fields | Optional |
| metadata | object | stored | Additional provider-specific configuration | Optional |
| createdAt | DateTime | stored | When this provider was configured | Required |
Examples
Example 1
```json
{
  "@type": "OAuthProvider",
  "providerName": "google",
  "displayName": "Google",
  "providerType": "oauth2",
  "clientId": "1234567890-abcdefg.apps.googleusercontent.com",
  "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenUrl": "https://oauth2.googleapis.com/token",
  "userInfoUrl": "https://www.googleapis.com/oauth2/v2/userinfo",
  "scopes": [
    "openid",
    "email",
    "profile"
  ],
  "redirectUri": "https://myapp.com/auth/google/callback",
  "iconUrl": "https://myapp.com/icons/google.svg",
  "buttonColor": "#4285F4",
  "isEnabled": true,
  "isDefault": true,
  "allowSignup": true,
  "autoLinkAccounts": true,
  "userFieldMapping": {
    "id": "sub",
    "email": "email",
    "name": "name",
    "picture": "picture",
    "emailVerified": "email_verified"
  },
  "metadata": {
    "accessType": "offline",
    "prompt": "consent"
  },
  "createdAt": "2024-01-01T00:00:00Z"
}
```
Example 2
```json
{
  "@type": "OAuthProvider",
  "providerName": "azure-ad",
  "displayName": "Microsoft Work Account",
  "providerType": "oidc",
  "clientId": "98765432-wxyz-1234-5678-fedcba987654",
  "authorizationUrl": "https://login.microsoftonline.com/tenant-id/oauth2/v2.0/authorize",
  "tokenUrl": "https://login.microsoftonline.com/tenant-id/oauth2/v2.0/token",
  "userInfoUrl": "https://graph.microsoft.com/v1.0/me",
  "scopes": [
    "openid",
    "email",
    "profile",
    "User.Read"
  ],
  "redirectUri": "https://enterprise.app/auth/azure/callback",
  "iconUrl": "https://enterprise.app/icons/microsoft.svg",
  "buttonColor": "#0078D4",
  "isEnabled": true,
  "isDefault": false,
  "allowSignup": false,
  "autoLinkAccounts": false,
  "userFieldMapping": {
    "id": "id",
    "email": "userPrincipalName",
    "name": "displayName",
    "firstName": "givenName",
    "lastName": "surname"
  },
  "metadata": {
    "tenant": "organizations",
    "allowedDomains": [
      "company.com",
      "subsidiary.com"
    ],
    "groupClaimsEnabled": true
  },
  "createdAt": "2024-01-15T10:00:00Z"
}
```
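The following is an added example, not code from the original page or from the project that defines this entity. It takes the two configurations above (trimmed, with `clientSecret` omitted since it is only used server-side at `tokenUrl`) and walks them through the flow the description outlines: building the redirect to `authorizationUrl`, validating the callback at `redirectUri`, applying `userFieldMapping` to a user-info response, and enforcing `allowSignup`, `autoLinkAccounts` and the `allowedDomains` metadata. The `state` parameter and the PKCE challenge are standard OAuth 2.0 practice and not properties of the entity; the function names, the `linked`/`by_email` stores and all user-info responses are constructed for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample configs, trimmed from Example 1 and Example 2 on the page.
GOOGLE = {
    "providerName": "google",
    "clientId": "1234567890-abcdefg.apps.googleusercontent.com",
    "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth",
    "redirectUri": "https://myapp.com/auth/google/callback",
    "scopes": ["openid", "email", "profile"],
    "allowSignup": True,
    "autoLinkAccounts": True,
    "userFieldMapping": {"id": "sub", "email": "email", "name": "name",
                         "emailVerified": "email_verified"},
    "metadata": {"accessType": "offline", "prompt": "consent"},
}
AZURE_AD = {
    "providerName": "azure-ad",
    "clientId": "98765432-wxyz-1234-5678-fedcba987654",
    "authorizationUrl": "https://login.microsoftonline.com/tenant-id/oauth2/v2.0/authorize",
    "redirectUri": "https://enterprise.app/auth/azure/callback",
    "scopes": ["openid", "email", "profile", "User.Read"],
    "allowSignup": False,
    "autoLinkAccounts": False,
    "userFieldMapping": {"id": "id", "email": "userPrincipalName", "name": "displayName"},
    "metadata": {"tenant": "organizations",
                 "allowedDomains": ["company.com", "subsidiary.com"]},
}


def build_authorization_request(provider):
    """Step 1: build the redirect to authorizationUrl (hypothetical helper).
    `state` binds the callback to this browser session (CSRF defence); the PKCE
    challenge binds the later code exchange to this client. Both secrets stay
    server-side in the returned session dict."""
    state = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode("ascii")).digest()).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code",
        "client_id": provider["clientId"],
        "redirect_uri": provider["redirectUri"],
        "scope": " ".join(provider["scopes"]),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    meta = provider.get("metadata", {})
    if "accessType" in meta:  # provider-specific extras kept in metadata (Example 1)
        params["access_type"] = meta["accessType"]
    if "prompt" in meta:
        params["prompt"] = meta["prompt"]
    session = {"provider": provider["providerName"], "state": state, "code_verifier": verifier}
    return provider["authorizationUrl"] + "?" + urlencode(params), session


def validate_callback(session, callback_url):
    """Step 2: the provider redirects back to redirectUri. Reject any callback
    whose state does not match the stored session before using the code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"][0])
    if not secrets.compare_digest(query.get("state", [""])[0], session["state"]):
        raise ValueError("state mismatch: callback not bound to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("authorization code missing")
    return code  # exchanged at tokenUrl together with session["code_verifier"]


def map_user_fields(provider, userinfo):
    """Apply userFieldMapping: application field name -> provider claim name."""
    return {app_field: userinfo.get(claim)
            for app_field, claim in provider.get("userFieldMapping", {}).items()}


def resolve_account(provider, userinfo, linked, by_email):
    """Step 3: decide what to do with the authenticated identity.
    linked:   {(providerName, provider user id): app user id}  (constructed store)
    by_email: {email: app user id}                             (constructed store)
    Returns (action, detail) with action one of login/link/create/reject."""
    profile = map_user_fields(provider, userinfo)
    key = (provider["providerName"], profile.get("id"))
    if key in linked:
        return "login", linked[key]
    email = (profile.get("email") or "").lower()
    allowed = provider.get("metadata", {}).get("allowedDomains")
    if allowed and email.rpartition("@")[2] not in {d.lower() for d in allowed}:
        return "reject", "email domain not allowed"
    if email in by_email:
        # Linking on email alone would let whoever controls an unverified address
        # at the provider take over the matching local account, so require both
        # the autoLinkAccounts flag and a verified-email claim from the provider.
        if provider.get("autoLinkAccounts") and profile.get("emailVerified") is True:
            return "link", by_email[email]
        return "reject", "local account exists; link it after a verified login"
    if provider.get("allowSignup"):
        return "create", profile
    return "reject", "self-signup disabled for this provider"
```

The Azure mapping has no `emailVerified` entry and `autoLinkAccounts` is false, so an Azure login can never be attached to an existing local account by email; combined with `allowSignup: false` and `allowedDomains`, only users already linked through a provisioning step can log in, which is the usual shape for an enterprise SSO provider.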