OAuth Providers

Codapult supports six OAuth providers via Better-Auth. Enable any provider by adding its credentials to .env.local — providers are detected automatically and appear on the sign-in page.

Quick Setup

1. Set the corresponding env vars in .env.local (see table below)
2. Set the callback URL in the provider's developer console: https://your-app.com/api/auth/callback/<provider>

Provider Reference

Callback URLs

Every provider needs a callback URL registered in its console. The format is always:

https://your-app.com/api/auth/callback/<provider>

For local development, use http://localhost:3000/api/auth/callback/<provider>.

Google Setup

1. Go to the Google Cloud Console → Credentials
2. Create an OAuth 2.0 Client ID (type: Web application)
3. Add authorized redirect URI: https://your-app.com/api/auth/callback/google
4. Copy credentials to .env.local:

GOOGLE_CLIENT_ID="your-client-id.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET="GOCSPX-your-secret"

GitHub Setup

1. Go to GitHub → Settings → Developer settings → OAuth Apps
2. Create a new OAuth App
3. Set callback URL: https://your-app.com/api/auth/callback/github
4. Copy credentials to .env.local:

GITHUB_CLIENT_ID="your-client-id"
GITHUB_CLIENT_SECRET="your-client-secret"

Other Providers

Apple, Discord, Twitter, and Microsoft follow the same pattern:

1. Create an OAuth application in the provider's developer console (see links in the table above)
2. Set the callback URL to https://your-app.com/api/auth/callback/<provider>
3. Copy the client ID and secret to .env.local using the env var names from the table

For provider-specific setup details (Apple certificates, Microsoft tenant config, etc.), see the Better-Auth OAuth documentation.

Disabling OAuth

Remove (or clear) the provider's CLIENT_ID and CLIENT_SECRET from .env.local. The sign-in page automatically hides the button when credentials are absent.