OAuth - Privy docs

Privy offers the ability to sign up and log users in using OAuth providers. Users can sign in with familiar flows on Google, Apple, Twitter, Github, Discord, LinkedIn, TikTok, Spotify, Instagram, and LINE.

Login with OAuth is the onboarding flow your users are used to, integrated into your application in just a few lines of code.

The SDK supports OAuth login with . For all other OAuth providers, you can use JWT-based authentication.

Use initOAuth from the useLoginWithOAuth hook to trigger the OAuth login flow.

initOAuth: ({ provider: OAuthProviderType, disableSignup?: boolean }) => Promise<void>

provider

OAuthProviderType

required

The OAuth provider to use for authentication. Valid values are: 'google', 'apple', 'twitter', 'github', 'discord', 'linkedin', 'spotify', 'tiktok', 'instagram', 'line'.

If set to true, the OAuth flow will only allow users to log in with existing accounts and prevent new account creation.

Usage

import { useLoginWithOAuth } from '@privy-io/react-auth';

export default function LoginWithOAuth() {
  const { state, loading, initOAuth } = useLoginWithOAuth();

  const handleLogin = async () => {
      try {
          // The user will be redirected to OAuth provider's login page
          await initOAuth({ provider: 'google' });
      } catch (err) {
          // Handle errors (network issues, validation errors, etc.)
          console.error(err);
      }
  };

  return (
      <div>
          <button onClick={handleLogin} disabled={loading}>
              {loading ? 'Logging in...' : 'Log in with Google'}
          </button>
      </div>
  );
}

Tracking Flow State

Track the state of the OAuth flow via the state variable returned by the useLoginWithOAuth hook.

state:
| {status: 'initial'}
| {status: 'loading'}
| {status: 'done'}
| {status: 'error'; error: Error | null};

status

'initial' | 'loading' | 'done' | 'error'

The current state of the OAuth flow.

error

Error | null

The error that occurred during the OAuth flow (only present when status is ‘error’).

Callbacks

You can optionally pass callbacks to the useLoginWithOAuth hook to run custom logic after a successful login or to handle errors.

`onSuccess`

onSuccess: ({user, isNewUser, wasAlreadyAuthenticated, loginMethod, linkedAccount}) => void

Parameters

user

User

The user object returned after successful login.

isNewUser

boolean

Whether the user is a new user or an existing user.

wasAlreadyAuthenticated

boolean

Whether the user was already authenticated before the OAuth flow.

The login method used (‘google’, ‘apple’, etc.).

linkedAccount

LinkedAccount

The linked account if the user was already authenticated.

`onError`

onError: (error: Error) => void

Parameters

error

Error

The error that occurred during the OAuth flow.

Example with Callbacks

import { useLoginWithOAuth } from '@privy-io/react-auth';

export default function LoginWithOAuth() {
    const { initOAuth } = useLoginWithOAuth({
        onSuccess: ({ user, isNewUser }) => {
            console.log('User logged in successfully', user);
            if (isNewUser) {
                // Perform actions for new users
            }
        },
        onError: (error) => {
            console.error('Login failed', error);
        }
    });

    return (
        <button onClick={() => initOAuth({ provider: 'google' })}>
            Log in with Google
        </button>
    );
}

Security

We recommend configuring allowed OAuth redirect URLs to restrict where users can be redirected after they log in with an external OAuth provider. Learn more here!

The SDK supports OAuth login with . For all other OAuth providers, you can use JWT-based authentication.

Use initOAuth from the useLoginWithOAuth hook to trigger the OAuth login flow.

initOAuth: ({ provider: OAuthProviderType, disableSignup?: boolean }) => Promise<void>

provider

OAuthProviderType

required

The OAuth provider to use for authentication. Valid values are: 'google', 'apple', 'twitter', 'github', 'discord', 'linkedin', 'spotify', 'tiktok', 'instagram', 'line'.

If set to true, the OAuth flow will only allow users to log in with existing accounts and prevent new account creation.

Usage

import { useLoginWithOAuth } from '@privy-io/react-auth';

export default function LoginWithOAuth() {
  const { state, loading, initOAuth } = useLoginWithOAuth();

  const handleLogin = async () => {
      try {
          // The user will be redirected to OAuth provider's login page
          await initOAuth({ provider: 'google' });
      } catch (err) {
          // Handle errors (network issues, validation errors, etc.)
          console.error(err);
      }
  };

  return (
      <div>
          <button onClick={handleLogin} disabled={loading}>
              {loading ? 'Logging in...' : 'Log in with Google'}
          </button>
      </div>
  );
}

Tracking Flow State

Track the state of the OAuth flow via the state variable returned by the useLoginWithOAuth hook.

state:
| {status: 'initial'}
| {status: 'loading'}
| {status: 'done'}
| {status: 'error'; error: Error | null};

status

'initial' | 'loading' | 'done' | 'error'

The current state of the OAuth flow.

error

Error | null

The error that occurred during the OAuth flow (only present when status is ‘error’).

Callbacks

You can optionally pass callbacks to the useLoginWithOAuth hook to run custom logic after a successful login or to handle errors.

`onSuccess`

onSuccess: ({user, isNewUser, wasAlreadyAuthenticated, loginMethod, linkedAccount}) => void

Parameters

user

User

The user object returned after successful login.

isNewUser

boolean

Whether the user is a new user or an existing user.

wasAlreadyAuthenticated

boolean

Whether the user was already authenticated before the OAuth flow.

The login method used (‘google’, ‘apple’, etc.).

linkedAccount

LinkedAccount

The linked account if the user was already authenticated.

`onError`

onError: (error: Error) => void

Parameters

error

Error

The error that occurred during the OAuth flow.

Example with Callbacks

import { useLoginWithOAuth } from '@privy-io/react-auth';

export default function LoginWithOAuth() {
    const { initOAuth } = useLoginWithOAuth({
        onSuccess: ({ user, isNewUser }) => {
            console.log('User logged in successfully', user);
            if (isNewUser) {
                // Perform actions for new users
            }
        },
        onError: (error) => {
            console.error('Login failed', error);
        }
    });

    return (
        <button onClick={() => initOAuth({ provider: 'google' })}>
            Log in with Google
        </button>
    );
}

Security

We recommend configuring allowed OAuth redirect URLs to restrict where users can be redirected after they log in with an external OAuth provider. Learn more here!

The SDK supports OAuth login with . For all other OAuth providers, you can use JWT-based authentication.

Configure allowed URL schemes

Prior to integrating OAuth login, make sure you have properly configured your app’s allowed URL schemes in the Privy dashboard.

Privy supports native Apple login when running on iOS. To configure native Apple login, follow this guide.

Use login from the useLoginWithOAuth hook to authenticate users using an OAuth provider.

login: ({
  provider: OAuthProviderType,
  disableSignup?: boolean
}) => Promise<PrivyUser>

Parameters

provider

OAuthProviderType

required

The OAuth provider to use for authentication. Valid values are: 'google', 'apple', 'twitter', 'github', 'discord', 'linkedin', 'spotify', 'tiktok', 'instagram'.

If true, the OAuth flow will only allow existing users to log in, preventing new account creation.

Response

user

PrivyUser

The user object returned after successful login.

Usage

import { useLoginWithOAuth } from '@privy-io/expo';

export function LoginButton() {
  const { login, state } = useLoginWithOAuth();

  return (
    <Button
      onPress={() => login({ provider: 'google' })}
      disabled={state.status === 'loading'}
    >
      {state.status === 'loading' ? 'Logging in...' : 'Login with Google'}
    </Button>
  );
}

Handling errors

The promise returned by the login method will reject with an error if the OAuth flow fails.

import { useLoginWithOAuth } from '@privy-io/expo';

export function LoginScreen() {
  const [isLoading, setIsLoading] = useState(false);
  const { login } = useLoginWithOAuth();

  const onPress = async () => {
    try {
      setIsLoading(true);
      const user = await login({ provider: 'google' });
      console.log('Login successful', user.id);
    } catch (error) {
      console.error('Login failed', error);
    } finally {
      setIsLoading(false);
    }
  };

  return (
    <Button
      disabled={isLoading}
      onPress={onPress}
      title="Login with Google"
    />
  );
}

Tracking Flow State

Track the state of the OAuth flow via the state variable returned by the useLoginWithOAuth hook.

state:
  | {status: 'initial'}
  | {status: 'loading'}
  | {status: 'done'}
  | {status: 'error'; error: Error | null};

status

'initial' | 'loading' | 'done' | 'error'

The current state of the OAuth flow.

error

Error | null

The error that occurred during the OAuth flow (only present when status is ‘error’).

Usage: Conditional Rendering

import { View, Text, Button } from 'react-native';
import { usePrivy, useLoginWithOAuth, hasError } from '@privy-io/expo';

export function LoginScreen() {
  const { user } = usePrivy();
  const { state, login } = useLoginWithOAuth();

  return state.status === 'done' ? (
    <View>
      <Text>You logged in successfully</Text>
    </View>
  ) : (
    <View>
      <Button
        disabled={state.status === 'loading'}
        onPress={() => login({ provider: 'google' })}
        title={state.status === 'loading' ? 'Logging in...' : 'Login with Google'}
      />

      {hasError(state) && (
        <Text>Error: {state.error.message}</Text>
      )}
    </View>
  );
}

The SDK supports OAuth login with . For all other OAuth providers, you can use JWT-based authentication.

Configure allowed URL schemes

Prior to integrating OAuth login, make sure you have properly configured your app’s allowed URL schemes in the Privy dashboard.

Privy supports native Apple login when running on iOS. To configure native Apple login, follow this guide.

To launch the oAuth flow, simply call privy.oAuth.login. As parameters to this method, pass the following fields:

provider

OAuthProvider

required

A member of the OAuthProvider enum specifying which OAuth provider the user should login with. Currently, .google, .apple, .discord, and .twitter are supported.

appUrlScheme

String

(Optional). Your app’s URL scheme as a string. If you do not pass this value, Privy will use the first valid app URL scheme from your app’s info.plist.

Returns

PrivyUser

The authenticated Privy user

Throws

An error if logging the user in is unsuccessful.

Usage

do {
    let privyUser = try await privy.oAuth.login(with: OAuthProvider.google, appUrlScheme: "privyiosdemo")
} catch {
    print("OAuth login error: \(error)")
}

That’s it! If your user was successfully authenticated, the login method will return the new AuthSession.

Handling errors

An error could be thrown if:

Your app url scheme is not explicitly provided or set in your info.plist
Your app url scheme is not registered in the Privy dashboard.
There was an issue generating the OAuth provider login URL
The user declined or cancelled the login attempt, or there was another error during authentication

If an error is thrown, you can get a description of the error as a string from the error thrown by privy.oAuth.login.

To configure native apple login, follow this guide.

The SDK supports OAuth login with . For all other OAuth providers, you can use JWT-based authentication.

Configure allowed URL schemes

Prior to integrating OAuth login, make sure you have properly configured your app’s allowed URL schemes in the Privy dashboard.

Configure your Android Manifest

Add the following activity to your AndroidManifest.xml file to handle OAuth redirects:

<activity
    android:name="io.privy.sdk.oAuth.PrivyRedirectActivity"
    android:exported="true"
    android:launchMode="singleTask">
    <intent-filter android:autoVerify="true">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="YOUR_CUSTOM_PRIVY_OAUTH_SCHEME" />
    </intent-filter>
</activity>

Replace YOUR_CUSTOM_PRIVY_OAUTH_SCHEME with your app’s custom URL scheme.

This scheme must be unique for this activity as it can cause issues if they clash with other activities or apps.

To launch the oAuth flow, simply call privy.oAuth.login. As parameters to this method, pass the following fields:

provider

OAuthProvider

required

A member of the OAuthProvider enum specifying which OAuth provider the user should login with. Currently, Google, Discord, and Twitter are supported.

appUrlScheme

String

required

Your app’s URL scheme as a string. This must match the scheme configured in your AndroidManifest.xml.

Returns

PrivyUser

Result<PrivyUser>

A Result containing the authenticated PrivyUser. Returns Result.success with the PrivyUser if authentication was successful, or Result.failure if there was an error.

Usage

val scheme = "privytestapp://"

viewModelScope.launch {
    val result = privy.oAuth.login(OAuthProvider.Google, scheme)
    result
        .onSuccess { user ->
            // Handle successful authentication
            println("OAuth login successful: ${user.id}")
        }
        .onFailure { error ->
            // Handle authentication error
            println("OAuth login error: ${error.message}")
        }
}

That’s it! If your user was successfully authenticated, the login method will return the authenticated PrivyUser.

Handling errors

The login method returns a Result that will contain a failure if:

Your app URL scheme is not provided in the method call
Your app URL scheme is not registered in the Privy dashboard
Your app URL scheme doesn’t match the one configured in your AndroidManifest.xml
There was an issue generating the OAuth provider login URL
The user declined or cancelled the login attempt, or there was another error during authentication

You can handle these errors using the onFailure method as shown in the usage example above.

Configure allowed URL schemes

Prior to integrating OAuth login, make sure you have properly configured your app’s allowed URL schemes in the Privy dashboard.

To authenticate a user via an OAuth account (e.g. Google, Discord, Apple), use the Privy client’s OAuth handler.

This is a two step process, though Privy’s Unity SDK wraps it into a single method call:

Generate an OAuth login URL corresponding to your desired OAuth provider
Redirect the user to the login URL to have them authenticate with the chosen OAuth provider

Supported OAuth Providers

Privy’s Unity SDK currently supports OAuth login with Google, Apple, Twitter, and Discord.

We’re actively working to expand our support for other OAuth providers. Interested in a specific provider that isn’t currently supported? Contact us at [email protected].

To launch the OAuth flow, simply call PrivyManager.Instance.OAuth.LoginWithProvider. As parameters to this method, pass the following fields:

provider

OAuthProvider

required

A member of the OAuthProvider enum specifying which OAuth provider the user should login with.

redirectUri

String

required

For WebGL builds, this will be your redirect URL. For applications, this will be your app’s URL scheme.

Usage

try
{
    // Log the user in with Google OAuth
    await PrivyManager.Instance.OAuth.LoginWithProvider(OAuthProvider.Google, "myappscheme");
}
catch
{
    // Login with OAuth was unsuccessful
    Debug.Log("Error logging user in.");
}

That’s it! If your user was successfully authenticated, the LoginWithProvider method will return the new AuthState for a user.

This method will throw an error if:

a redirectUri is not provided
the network call to authenticate the user fails

User authentication

​Usage

​Tracking Flow State

​Callbacks

​onSuccess

​Parameters

​onError

​Parameters

​Example with Callbacks

​Security

​Usage

​Tracking Flow State

​Callbacks

​onSuccess

​Parameters

​onError

​Parameters

​Example with Callbacks

​Security

​Configure allowed URL schemes

​Initializing the login flow

​Parameters

​Response

​Usage

​Handling errors

​Tracking Flow State

​Usage: Conditional Rendering

​Configure allowed URL schemes

​Initializing the login flow

​Returns

​Throws

​Usage

​Handling errors

​Native Apple login

​Configure allowed URL schemes

​Configure your Android Manifest

​Initializing the login flow

​Returns

​Usage

​Handling errors

​Configure allowed URL schemes

​Initializing the login flow

​Supported OAuth Providers

​Initializing the login flow

​Usage

Usage

Tracking Flow State

Callbacks

`onSuccess`

Parameters

`onError`

Parameters

Example with Callbacks

Security

Usage

Tracking Flow State

Callbacks

`onSuccess`

Parameters

`onError`

Parameters

Example with Callbacks

Security

Configure allowed URL schemes

Initializing the login flow

Parameters

Response

Usage

Handling errors

Tracking Flow State

Usage: Conditional Rendering

Configure allowed URL schemes

Initializing the login flow

Returns

Throws

Usage

Handling errors

Native Apple login

Configure allowed URL schemes

Configure your Android Manifest

Initializing the login flow

Returns

Usage

Handling errors

Configure allowed URL schemes

Initializing the login flow

Supported OAuth Providers

Initializing the login flow

Usage