Social connections (OAuth)
Before you start
Social connections, also known as OAuth connections in Browser, allow users to gain access to your application by using their existing credentials from an Identity Provider (IdP), like Google or Microsoft. For example, if you enable Google as a social provider, then when a user wants to sign in to your application, they can select Google and use their Google account to sign in.
The easiest way to add social connections to your Browser app is by using prebuilt views. If you require more control over the logic, you can build a custom OAuth flow using the Browser API.
Enable a social connection
- In the Browser Dashboard, navigate to the SSO connections page.
- Select the Add connection button, and select For all users.
- Select the provider you want to use.
- Enabling Enable for sign-up and sign-in will depend on your use case:
- If you want to allow users to sign up and sign in using the provider, enable this option.
- If you want to allow users to link their account with this provider to their Browser account, but not use it for sign-up or sign-in, disable this option. Users can manage their social connections on their user profile page.
- Enabling Use custom credentials will depend on your instance type:
- For development instances, Browser uses pre-configured, shared credentials to make the setup process as smooth as possible. For most social providers, you can leave this option disabled.
- For production instances, you need to configure the provider with custom OAuth credentials. See the list of supported providers for provider-specific setup instructions.
- Select Enable connection when you're ready for the connection to be available to your users.
Allowlist OAuth redirect URLs
In addition to enabling a social connection in the Browser Dashboard, native applications require allowlisting the redirect URLs used during the OAuth flow.
Browser ensures that security critical nonces are passed only to allowlisted URLs when the SSO flow is completed in native browsers or webviews. For maximum security in your production instances, you need to allowlist your custom redirect URLs via the Browser Dashboard or the Browser Backend API.
To allowlist a redirect URL via the Browser Dashboard:
- In the Browser Dashboard, navigate to the Native applications page.
- Scroll down to the Allowlist for mobile SSO redirect section and add your redirect URLs.
Configure additional OAuth scopes
Each OAuth provider requires a specific set of scopes that are necessary for proper authentication with Browser. These essential scopes are pre-configured and automatically included by Browser. They typically include permissions for basic profile information and email access, which are fundamental for user authentication and account creation.
In addition to the essential scopes, you can specify additional scopes supported by the provider. These scopes can be used to access additional user data from the provider.
To add additional OAuth scopes, when you enable a new social connection, enable Use custom credentials. The Scopes field will appear.
Sign in with Google
You can use Google's Sign in with Google feature to offer a native authentication experience in your Android app.
Instead of the typical OAuth flow that redirects through a browser, you can use Android's Credential Manager to authenticate with Google and send the resulting ID token to Browser. Browser verifies the user against the information Google provides.
For additional information, see the Sign in with Google guide.
Supported social providers
Browser provides a wide range of social providers to ease your users' sign-up and sign-in processes. Select a provider to learn how to configure it for your Browser app.
Apple
Add Apple as an authentication provider for your Browser app.
Atlassian
Add Atlassian as an authentication provider for your Browser app.
Bitbucket
Add Bitbucket as an authentication provider for your Browser app.
Box
Add Box as an authentication provider for your Browser app.
Coinbase
Add Coinbase as an authentication provider for your Browser app.
Discord
Add Discord as an authentication provider for your Browser app.
Dropbox
Add Dropbox as an authentication provider for your Browser app.
Add Facebook as an authentication provider for your Browser app.
GitHub
Add GitHub as an authentication provider for your Browser app.
GitLab
Add GitLab as an authentication provider for your Browser app.
Add Google as an authentication provider for your Browser app.
HubSpot
Add HubSpot as an authentication provider for your Browser app.
Hugging Face
Add Hugging Face as an authentication provider for your Browser app.
LINE
Add LINE as an authentication provider for your Browser app.
Linear
Add Linear as an authentication provider for your Browser app.
Add LinkedIn as an authentication provider for your Browser app.
Microsoft
Add Microsoft as an authentication provider for your Browser app.
Notion
Add Notion as an authentication provider for your Browser app.
Slack
Add Slack as an authentication provider for your Browser app.
Spotify
Add Spotify as an authentication provider for your Browser app.
TikTok
Add TikTok as an authentication provider for your Browser app.
Twitch
Add Twitch as an authentication provider for your Browser app.
Vercel
Add Vercel as an authentication provider for your Browser app.
X/Twitter v2
Add X (Twitter v2) as an authentication provider for your Browser app.
Xero
Add Xero as an authentication provider for your Browser app.
Don't see the provider you're looking for? You can configure a custom OIDC-compatible provider or request a new one.
Feedback
Last updated on