OAuth Providers

SpartanAuth supports social login via OAuth 2.0 and OIDC. OAuth providers are configured per sector, so different applications can have different social login options.

Supported providers

Provider	Protocol
Google	OIDC (OpenID Connect)
GitHub	OAuth 2.0
Apple	Sign In with Apple (ES256 JWT)

Configuring a provider

In the dashboard, navigate to your sector and click OAuth Providers. Toggle on the provider you want to configure and fill in the required credentials.

Google

Go to Google Cloud Console → APIs & Services → Credentials
Create an OAuth 2.0 Client ID (Web application)
Add your SpartanAuth callback URL as an authorized redirect URI:
```
https://api.spartanauth.com/api/v1/oauth/google/callback
```
Copy the Client ID and Client Secret into the dashboard

GitHub

Go to GitHub Developer Settings → OAuth Apps → New OAuth App

Set the Authorization callback URL to:

https://api.spartanauth.com/api/v1/oauth/github/callback

Copy the Client ID and generate a Client Secret into the dashboard

Apple

Apple Sign In requires a few more steps:

In Apple Developer Portal, create a Services ID for your app

Configure Sign In with Apple and add your return URL:

https://api.spartanauth.com/api/v1/oauth/apple/callback

Create a Key with Sign In with Apple capability and download the .p8 file
In the dashboard, provide:
- Team ID (top-right of Apple Developer Portal)
- Key ID (from the key you created)
- Services ID (the identifier you created)
- Private Key (contents of the .p8 file)

When a user logs in via a social provider for the first time:

If Self Sign-Up is enabled on the sector, a new profile is created automatically
If Self Sign-Up is disabled, the login attempt returns a 403 error

To allow OAuth login for existing users only, disable self sign-up and pre-create accounts with matching email addresses.