OAuth Providers
End-user social login via Strapi's Users & Permissions plugin. End-users only — these providers authenticate visitors of your app. For CMS-admin SSO see Microsoft SSO.
For the underlying auth architecture see UI Authentication.
Flow
The callback page is apps/ui/src/app/[locale]/auth/strapi-oauth/[provider]/page.tsx. The Better Auth plugin handling the exchange is strapiOAuthPlugin in apps/ui/src/lib/auth.ts:334.
Setup
Each provider requires three coordinated configurations: the provider's developer console, the Strapi admin, and (if local) a tunneling service.
1. Strapi admin
- Settings → Users & Permissions → Providers
- Enable the provider (e.g.
github) - Set Client ID and Client Secret (from the provider's developer console — see step 2)
- Redirect URL = your UI callback:
https://your-domain.com/auth/strapi-oauth/github
2. Provider developer console (example: GitHub)
GitHub → Settings → Developer settings → OAuth Apps → New OAuth App:
- Homepage URL = your Strapi URL, e.g.
https://your-domain.com - Authorization callback URL =
https://your-domain.com/api/connect/github/callback
Copy generated Client ID + Secret into the Strapi admin (step 1).
If you previously used /auth/strapi-oauth/callback, update both the Strapi provider settings and the provider developer console to the per-provider callback path.
No UI code changes needed — SignInForm already routes to /api/connect/<provider> on button click. To add a new provider button, extend apps/ui/src/app/[locale]/auth/signin/_components/SocialButtons.tsx.
Local Development with ngrok
Most OAuth providers reject localhost callbacks. Use ngrok (or similar) to tunnel.
-
Install ngrok:
brew install ngrok -
Start Strapi:
pnpm dev:strapi -
Tunnel Strapi:
ngrok http 1337 -
Copy the generated URL (e.g.
https://abc123.ngrok.io) -
Update
apps/strapi/config/server.ts:url: "https://abc123.ngrok.io" -
Update
apps/strapi/src/admin/vite.config.ts:server: {allowedHosts: ["abc123.ngrok.io"]} -
Set env var in
apps/strapi/.env:APP_URL=https://abc123.ngrok.io -
GitHub OAuth App:
- Homepage URL:
https://abc123.ngrok.io - Authorization callback:
https://abc123.ngrok.io/api/connect/github/callback
- Homepage URL:
-
Strapi admin → Providers → GitHub → Redirect URL:
http://localhost:3000/auth/strapi-oauth/github -
Restart both Strapi and Next.js
Supported Providers
Any provider implemented by Strapi's Users & Permissions plugin: GitHub, Google, Facebook, Discord, etc. See the Strapi providers docs.
Related Documentation
- Authentication — Better Auth session + Strapi JWT