Social Login Setup Guide

This guide walks you through setting up social login providers for the OAuth2 server.

Google OAuth2 Setup

  1. Go to Google Cloud Console
  2. Create a new project or select an existing one
  3. Navigate to "APIs & Services" > "Credentials"
  4. Click "Create Credentials" > "OAuth client ID"
  5. Configure the consent screen if prompted
  6. Select "Web application" as the application type
  7. Add authorized redirect URIs:
     • http://localhost:8080/auth/callback/google
     • Add your production URL when deploying
  8. Copy the Client ID and Client Secret
  9. Set environment variables:
export OAUTH2_GOOGLE_CLIENT_ID=your-client-id
export OAUTH2_GOOGLE_CLIENT_SECRET=your-client-secret

Microsoft/Azure AD Setup

  1. Go to Azure Portal
  2. Navigate to "Azure Active Directory" > "App registrations"
  3. Click "New registration"
  4. Enter application name and select account types
  5. Add redirect URI: http://localhost:8080/auth/callback/microsoft
  6. After creation, note the "Application (client) ID"
  7. Go to "Certificates & secrets" > "New client secret"
  8. Copy the secret value immediately (it won't be shown again)
  9. Set environment variables:
export OAUTH2_MICROSOFT_CLIENT_ID=your-client-id
export OAUTH2_MICROSOFT_CLIENT_SECRET=your-client-secret
export OAUTH2_MICROSOFT_TENANT_ID=common  # or specific tenant ID

GitHub OAuth Setup

  1. Go to GitHub Settings
  2. Click "OAuth Apps" > "New OAuth App"
  3. Fill in application details:
     • Application name: Your OAuth2 Server
     • Homepage URL: http://localhost:8080
     • Authorization callback URL: http://localhost:8080/auth/callback/github
  4. Click "Register application"
  5. Generate a new client secret
  6. Copy the Client ID and Client Secret
  7. Set environment variables:
export OAUTH2_GITHUB_CLIENT_ID=your-client-id
export OAUTH2_GITHUB_CLIENT_SECRET=your-client-secret

Okta Setup

  1. Sign up for Okta Developer Account
  2. Go to "Applications" > "Create App Integration"
  3. Select "OIDC - OpenID Connect"
  4. Select "Web Application"
  5. Configure settings:
     • Sign-in redirect URIs: http://localhost:8080/auth/callback/okta
     • Sign-out redirect URIs: http://localhost:8080
  6. Save and note the Client ID and Client Secret
  7. Note your Okta domain (e.g., dev-12345.okta.com)
  8. Set environment variables:
export OAUTH2_OKTA_CLIENT_ID=your-client-id
export OAUTH2_OKTA_CLIENT_SECRET=your-client-secret
export OAUTH2_OKTA_DOMAIN=dev-12345.okta.com

Auth0 Setup

  1. Sign up for Auth0
  2. Go to "Applications" > "Create Application"
  3. Select "Regular Web Applications"
  4. Go to "Settings" tab
  5. Configure:
     • Allowed Callback URLs: http://localhost:8080/auth/callback/auth0
     • Allowed Logout URLs: http://localhost:8080
  6. Copy the Domain, Client ID, and Client Secret
  7. Set environment variables:
export OAUTH2_AUTH0_CLIENT_ID=your-client-id
export OAUTH2_AUTH0_CLIENT_SECRET=your-client-secret
export OAUTH2_AUTH0_DOMAIN=your-tenant.auth0.com

Testing Social Login

  1. Start the OAuth2 server:
cargo run
  2. Navigate to the login page:
http://localhost:8080/auth/login
  3. Click on any social login button to test the integration
  4. After successful authentication, you'll be redirected to the success page

Production Considerations

Security

  • Always use HTTPS in production
  • Store client secrets securely (use secret management services)
  • Implement rate limiting
  • Add CSRF protection (already included via session tokens)
  • Validate redirect URIs strictly

Environment Variables

Create a .env file for local development (DO NOT commit this file):

# Server Configuration
OAUTH2_SERVER_HOST=127.0.0.1
OAUTH2_SERVER_PORT=8080
OAUTH2_DATABASE_URL=sqlite:oauth2.db
OAUTH2_JWT_SECRET=your-super-secret-jwt-key-minimum-32-characters

# Google
OAUTH2_GOOGLE_CLIENT_ID=your-google-client-id
OAUTH2_GOOGLE_CLIENT_SECRET=your-google-client-secret

# Microsoft
OAUTH2_MICROSOFT_CLIENT_ID=your-microsoft-client-id
OAUTH2_MICROSOFT_CLIENT_SECRET=your-microsoft-client-secret
OAUTH2_MICROSOFT_TENANT_ID=common

# GitHub
OAUTH2_GITHUB_CLIENT_ID=your-github-client-id
OAUTH2_GITHUB_CLIENT_SECRET=your-github-client-secret

# Okta
OAUTH2_OKTA_CLIENT_ID=your-okta-client-id
OAUTH2_OKTA_CLIENT_SECRET=your-okta-client-secret
OAUTH2_OKTA_DOMAIN=dev-12345.okta.com

# Auth0
OAUTH2_AUTH0_CLIENT_ID=your-auth0-client-id
OAUTH2_AUTH0_CLIENT_SECRET=your-auth0-client-secret
OAUTH2_AUTH0_DOMAIN=your-tenant.auth0.com

Docker Deployment

Update the docker-compose.yml to include environment variables:

oauth2_server:
  environment:
    - OAUTH2_GOOGLE_CLIENT_ID=${OAUTH2_GOOGLE_CLIENT_ID}
    - OAUTH2_GOOGLE_CLIENT_SECRET=${OAUTH2_GOOGLE_CLIENT_SECRET}
    # Add other providers as needed

Troubleshooting

Common Issues

  1. Redirect URI Mismatch
     • Ensure the redirect URI configured in the provider matches exactly
     • Check for trailing slashes and protocol (http vs https)

  2. CSRF Token Mismatch
     • Clear browser cookies
     • Check session middleware configuration

  3. Invalid Client Credentials
     • Verify client ID and secret are correct
     • Check if credentials have expired or been revoked

  4. Scope Errors
     • Ensure required scopes are requested
     • Check provider-specific scope requirements
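The "Validate redirect URIs strictly" point under Security and the Redirect URI Mismatch entry above are the same check seen from two sides. The following added example (not the project's own code) shows an exact-match allowlist in Rust with only the standard library; the callback URIs are the ones used in this guide, while the one-URI-per-provider map and the names `RedirectAllowlist`, `RedirectError` and `dev_allowlist` are assumptions for illustration.

```rust
// Added example (not the project's own code): exact-match allowlist for the per-provider
// callback URIs in this guide. Storing one URI per provider is an assumption about the server.
use std::collections::HashMap;

/// Why a redirect URI was rejected, so the log says more than "mismatch".
#[derive(Debug, PartialEq)]
pub enum RedirectError {
    UnknownProvider,
    /// Differs from the registered URI in scheme, host, port, path, trailing slash
    /// or query. No normalization is attempted: that is the "strict" part.
    Mismatch { registered: String },
}

pub struct RedirectAllowlist {
    registered: HashMap<String, String>,
}

impl RedirectAllowlist {
    pub fn new(entries: &[(&str, &str)]) -> Self {
        let registered = entries.iter()
            .map(|(provider, uri)| (provider.to_string(), uri.to_string()))
            .collect();
        Self { registered }
    }

    /// Byte-for-byte comparison against the registered URI. Prefix matching, case
    /// folding or tolerating a trailing slash would each widen the allowlist.
    pub fn validate(&self, provider: &str, uri: &str) -> Result<(), RedirectError> {
        match self.registered.get(provider) {
            None => Err(RedirectError::UnknownProvider),
            Some(registered) if registered == uri => Ok(()),
            Some(registered) => Err(RedirectError::Mismatch { registered: registered.clone() }),
        }
    }
}

pub fn dev_allowlist() -> RedirectAllowlist {
    RedirectAllowlist::new(&[
        ("google", "http://localhost:8080/auth/callback/google"),
        ("github", "http://localhost:8080/auth/callback/github"),
    ])
}

fn main() {
    let list = dev_allowlist();
    // Trailing slash and http vs https: the two differences Troubleshooting calls out.
    println!("{:?}", list.validate("google", "http://localhost:8080/auth/callback/google/"));
    println!("{:?}", list.validate("google", "https://localhost:8080/auth/callback/google"));
}
```

When a provider reports a mismatch, logging the `registered` value next to the URI the request carried shows the differing character immediately instead of requiring a side-by-side comparison in two consoles.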

Debug Logging

Enable debug logging to troubleshoot issues:

export RUST_LOG=debug
cargo run

Support

For issues or questions:

  • Check the documentation
  • Open an issue on GitHub
  • Review provider-specific documentation