Social login

Authly signs users in through outside providers. Your users click a provider button. Authly runs the whole exchange. Your application receives the same tokens as any other login.

Supported providers

Authly supports Google, GitHub, Facebook, X, GitLab, Microsoft, Apple, LinkedIn, Discord, Twitch, and Yahoo.

Two ways to supply credentials

Every provider needs an OAuth client id and secret. You choose where they come from.

  1. Your own credentials. Open your application in the developer dashboard. Open the social providers section. Add your client id and secret for each provider. Authly encrypts the secret and uses it only for your application.
  2. Platform credentials. If you add nothing, Authly uses its own credentials where they exist. This lets you ship fast and add your own keys later.

How accounts link

A user can hold several providers on one Authly account. Authly links them by verified email.

  • A user signs in with Google. Google reports a verified email that already belongs to an account. Authly attaches the Google identity to that account.
  • A user signs in with a provider that reports no email or an unverified one. Authly creates a fresh account. It never merges on an unverified email.

A signed in user can connect more providers from their account page. They can disconnect any provider, as long as one way to sign in remains.

What you build

Nothing extra. Social login produces the same access token and id token as a password login. You verify the token the same way. Read Verify tokens.