Social sign-in
Social sign-in allows users to log in to your application using their existing accounts from providers like Google, GitHub, or Microsoft. This guide shows how to enable and configure social sign-in for your Ory project.
- Ory Console
- Ory CLI
Set the base redirect URI
- Log in to your Ory Console
- Select your workspace and project
- Navigate to the Authentication tab
- Click on Social Sign-In (OIDC) in the sidebar
- Enable the Enable OpenID Connect toggle
- Enter the URL of your application that should handle post-authentication redirects
Add a social provider
After enabling OpenID Connect, add a provider:
- Click the "Add new OpenID Connect provider" button
- Select a provider from the list:
Ory offers pre-configured options for popular providers. Check our provider list here.
Configure your provider
For pre-configured providers, you'll typically need to enter:
- Client ID (obtained from the provider's developer console)
- Client Secret (obtained from the provider's developer console)
The configuration includes:
- Client ID
- Client Secret
To enable and configure social sign-in using the CLI:
- First, download your Ory Identities configuration:
# List all available workspaces
ory list workspaces
# List all available projects
ory list projects --workspace <workspace-id>
# Get the configuration
ory get identity-config --project <project-id> --workspace <workspace-id> --format yaml > identity-config.yaml
- Edit the identity-config.yaml file to enable OIDC:
methods:
oidc:
config:
base_redirect_uri: http://localhost:4000
providers:
- client_id: "YOUR_CLIENT_ID"
client_secret: "YOUR_CLIENT_SECRET"
label: Google
provider: google
scope:
- user:email
enabled: true
-
Add the provider configuration to the providers array. Here are examples for common providers:
-
Apply the changes to your Ory project:
ory update identity-config --project <project-id> --workspace <workspace-id> --file identity-config.yaml
What users will see
After configuring social sign-in, your users will experience:
User flow
- A login page that displays buttons for each configured social provider
- When they click a provider button, they'll be redirected to that provider's authentication page
- After authenticating with the provider, they'll be sent back to your application
- If it's their first time using social sign-in, a new account will be created automatically
- For returning users, they'll be logged into their existing account