Login methods
Use the Login Methods page of the dashboard to configure login and linking methods for your app.
Social providers
Enable all account types that you'd like users to be able to log in with or link to your app when enabling Login Methods. You can always customize which account types you'd like to present for login specifically using Privy's SDKs.
On disabled login methods, Privy will automatically reject any request to login with or link that account type for your app ID.
Default vs custom credentials
You can enable OAuth (social) logins quickly by just toggling it on in the Dashboard page. This will use default OAuth credentials that the Privy team has configured with each provider.
However, best practice is to configure your own app's OAuth credentials for each account type.
Configuring your own OAuth credentials has many benefits:
- Your app has more control over security and resiliency.
- Your users will see your branding on the social login provider's authentication screen.
TIP
Just getting started with Privy? We recommend you complete your integration in development using Privy's default credentials first. Before going to production, you can easily swap in your own credentials!
Configure your OAuth credentials
Follow this guide to configure your own app's OAuth credentials.
1. Setup your OAuth apps for each provider
To configure OAuth credentials for a given provider, first create an OAuth app with your chosen provider, following the provider-specific instructions below.
For all providers, during setup, specify Privy's OAuth callback endpoint as your redirect URI:
https://auth.privy.io/api/v1/oauth/callback
Apple
Follow this guide to configure your Apple app, service, and key. Note that Apple differs from the rest of the providers in a few ways. You will need to provide the following to Privy upon completion:
- Team ID: the identifier associated with your Apple developer account.
- Services ID: this will be used as your Client ID.
- Key ID: the identifier associated with your key.
- Key: this will be used as your Signing key.
INFO
If you have an app that has users who have already logged in using Privy's default credentials, we do not yet support migrating these users. If you'd like to test using your own credentials in a development environment, you can do so by creating a new app and setting your credentials before any Apple users log in.
Discord
Follow this guide to register a developer application. After creating a Discord app, use the OAuth2 settings to generate a Client Secret and set Redirects. You will need to provide the following to Privy upon completion:
- Client ID
- Client Secret
GitHub
Follow this guide to create a GitHub OAuth App. Do not enable device flow. You will need to provide the following to Privy upon completion:
- Client ID
- Client secret
Google
Follow this guide. When you are creating your app, make sure to specify Web App for your app type (it will be treated as a web app in the context of OAuth since you are using Privy). You will need to provide the following to Privy upon completion:
- Client ID
- Client secret
Instagram
Follow this guide to register a developer application. After creating an Instagram app, use the OAuth2 settings to generate a Client Secret and set Redirects. You will need to provide the following to Privy upon completion:
- Client ID
- Client Secret
INFO
When configuring your Instagram app, you must request the instagram_graph_user_profile permission for your application. This enables Privy to return the user's profile information, such as the Instagram user ID and username. You can learn more about Instagram permissions here.
LinkedIn
Follow this guide. You will need to provide the following to Privy upon completion:
- Client ID
- Primary Client Secret
INFO
If you have an app that has users who have already logged in using Privy's default credentials, we do not yet support migrating these users. If you'd like to test using your own credentials in a development environment, you can do so by creating a new app and setting your credentials before any LinkedIn users log in.
Spotify
Follow this guide to register a developer application. After creating a Spotify app, use the OAuth2 settings to generate a Client Secret and set Redirects. You will need to provide the following to Privy upon completion:
- Client ID
- Client Secret
TikTok
Follow the instructions in the 'Prerequisites' section of this guide to register your app and enable LoginKit. When you are creating your app, make sure to specify Configure for Web for your app type (it will be treated as a web app in the context of OAuth since you are using Privy).
TikTok is different from other providers in a few key ways:
- Your OAuth client_id is referred to as client_key.
- You are required to provide a Terms of Service URL and Privacy Policy URL when creating your app.
- TikTok conducts a review process, and your new credentials will not work until your app is approved and moves to Production status.
You will need to provide the following to Privy upon completion:
- Client key (as described above)
- Client secret
INFO
If you have an app that has users who have already logged in using Privy's default credentials, we do not yet support migrating these users. If you'd like to test using your own credentials in a development environment, you can do so by creating a new app and setting your credentials before any TikTok users log in.
X (formerly known as Twitter)
Follow this guide to create an X (formerly known as Twitter) app. Make sure to configure your app as a "Public client". In the application authentication settings this is the Native App option for Type of App. You will need to provide the following to Privy upon completion:
- Client ID
- Client Secret
2. Configure your credentials with Privy
WARNING
Your custom credentials will go live to all your users as soon as you save them in the dashboard. We highly encourage you to test them in a development app before setting them for your production app.
Navigate to the Login methods page on the Privy dashboard by selecting your app and clicking Login Methods on the side bar. Click on the socials tab to see the social providers. Enter the OAuth credentials under the drop-down for the provider you set up.
If a provider does not have a drop down, it does not currently support configuring your own credentials.
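Because saved credentials go live immediately, it helps to check each OAuth app against the requirements in steps 1 and 2 before entering its credentials. The following is an added example, not Privy code: the settings object and its field names (redirectUris, deviceFlow, appType, permissions, status) are hypothetical and are filled in by hand from each provider's developer console.

```javascript
// Added example, not Privy code. The `settings` shape is hypothetical: fill it in
// by hand from each provider's developer console before saving credentials.
const PRIVY_CALLBACK = "https://auth.privy.io/api/v1/oauth/callback";

// Provider-specific requirements stated in step 1 of this guide.
const PROVIDER_RULES = {
  github: (s) => (s.deviceFlow ? ["device flow must not be enabled"] : []),
  google: (s) => (s.appType === "Web App" ? [] : ["app type must be Web App"]),
  instagram: (s) => ((s.permissions || []).includes("instagram_graph_user_profile")
    ? [] : ["permission instagram_graph_user_profile not requested"]),
  tiktok: (s) => (s.status === "Production" ? [] : ["app has not reached Production status"]),
  x: (s) => (s.appType === "Native App" ? [] : ["Type of App must be Native App (public client)"]),
};

// Providers for which users on Privy's default credentials cannot be migrated.
const NO_MIGRATION = new Set(["apple", "linkedin", "tiktok"]);

// The registered redirect URI must match Privy's callback exactly; anything else is reported.
function checkRedirectUris(uris) {
  const problems = [];
  if (!uris.includes(PRIVY_CALLBACK)) problems.push("Privy callback is not registered (exact match needed)");
  for (const uri of uris.filter((u) => u !== PRIVY_CALLBACK)) {
    let host = null;
    try { host = new URL(uri).hostname; } catch { /* unparseable: treated as an extra URI */ }
    problems.push(host === "auth.privy.io"
      ? `near miss of the Privy callback (scheme, path or trailing slash): ${uri}`
      : `extra redirect URI registered besides the Privy callback: ${uri}`);
  }
  return problems;
}

// Returns a list of problems; an empty list means the page's requirements are met.
function auditProvider(provider, settings, hasExistingUsers = false) {
  const problems = checkRedirectUris(settings.redirectUris || []);
  const rule = PROVIDER_RULES[provider];
  if (rule) problems.push(...rule(settings));
  if (hasExistingUsers && NO_MIGRATION.has(provider)) {
    problems.push("users on Privy's default credentials cannot be migrated for this provider");
  }
  return problems;
}

// Constructed sample: a GitHub OAuth App with a trailing-slash typo and device flow left on.
const sample = { redirectUris: ["https://auth.privy.io/api/v1/oauth/callback/"], deviceFlow: true };
console.log(auditProvider("github", sample));
```

Run it against a development app's settings first; an empty result for every provider means the settings match what this guide asks for.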
3. Configure token return and custom scopes
For any OAuth login method for which you configure your own credentials, you can have the user's OAuth access and refresh tokens returned to your application's front end by toggling Return OAuth tokens and making use of the useOAuthTokens hook.
If you allow for your application to return OAuth tokens to the front-end, you are also able to configure custom scopes for the OAuth authorization flow, so that the OAuth token returned can be authorized to make API requests beyond the standard scope (such as writes, or authorized access to more granular user data).
WARNING
It is important to note that OAuth and refresh tokens are highly sensitive tokens that should be handled and stored in a secure fashion, inaccessible to any other third-party systems. Contact us if you have questions or would like guidance on token management best practices.
Notes
- You can update your credentials at any time, with the exception of Apple, LinkedIn, and TikTok.
- You can set and save credentials for disabled providers. These credentials will be stored and will be used for that provider’s requests once you enable it.
- If you are experiencing an issue after setting your own credentials, you can roll back to using Privy's default credentials by removing your own from the configuration screen. We only recommend doing this if you are experiencing an issue as moving to use your own credentials is best practice. This will not work for Apple, LinkedIn, or TikTok if you have existing users.
FAQ
Can I delete my custom credentials and go back to using the Privy default ones?
You can remove your credentials from the same page you configured them to go back to using Privy's defaults. We only recommend doing this if you are experiencing an issue with your own credentials as migrating to your own credentials is the best practice.
For Apple, LinkedIn, and TikTok, once your credentials are in use, you will not be able to reset them due to user migration (see below).
Will migrating to custom credentials impact my users?
For most providers, the change will be undetectable by end users, other than their seeing your app’s name next time they log in (rather than Privy’s). For Apple, LinkedIn, and TikTok, if your app currently uses Privy's default credentials, we do not support updating to custom credentials. This process requires a migration which we have not yet built.