Login methods

Use the Login Methods page of the dashboard to configure login and linking methods for your app.

Social providers

Enable all account types that you'd like users to be able to login with or link to your app when enabling Login Methods. You can always customize which account types you'd like to present for login specifically using Privy's SDKs.

If a login method is disabled, Privy will automatically reject any request to login with or link that account type for your app ID.

Default vs custom credentials

You can enable OAuth (social) logins quickly by just toggling it on in the Dashboard page. This will use default OAuth credentials that the Privy team has configured with each provider.

However, best practice is to configure your own app's OAuth credentials for each account type.

Configuring your own OAuth credentials has many benefits:

• Your app has more control over security and resiliency.
• Your users will see your branding on the social login provider's authentication screen.

TIP

Just getting started with Privy? We recommend you complete your integration in development using Privy's default credentials first. Before going to production, you can easily swap in your own credentials!

Configure your OAuth credentials

Follow this guide to configure your own app's OAuth credentials.

1. Setup your OAuth apps for each provider

To configure OAuth credentials for a given provider, first create an OAuth app with your chosen provider, following the provider-specific instructions below.

For all providers, during setup, specify Privy's OAuth callback endpoint as your redirect URI:

https://auth.privy.io/api/v1/oauth/callback

Apple

Follow this guide to configure your Apple app, service, and key. Note that Apple differs from the rest of the providers in a few ways. You will need to provide the following to Privy upon completion:

• Team ID: the identifier associated with your Apple developer account.
• Service ID: this will be used as your Client ID. You can find this value listed under the Identifier field in the Service IDs section:

TIP

If you are building a mobile app, you will need to use the App ID instead of the Service ID. This should be the same as your application's BundleId and should be entered as your Client ID in the privy dashboard.

• Key ID: the identifier associated with your key, found in the Keys section of the Apple Developer dashboard.
• Key: this private key will be generated alongside the Key ID and will be used as your Signing key. Be sure to copy and paste the entire key with the header and footer into the Signing key input.

INFO

If you have an app that has users who have already logged in using Privy's default credentials, we do not yet support migrating these users. If you'd like to test using your own credentials in a development environment, you can do so by creating a new app and setting your credentials before any Apple users log in.

Discord

Follow this guide to register a developer application. After Creating a Discord app, use the OAuth2 settings to generate a Client Secret and set Redirects. You will need to provide the following to Privy upon completion:

• Client ID
• Client Secret

GitHub

Follow this guide to create a GitHub OAuth App. Do not enable device flow. You will need to provide the following to Privy upon completion:

• Client ID
• Client secret

Google

Follow this guide. When you are creating your app, make sure to specify Web App for your app type (it will be treated as a web app in the context of OAuth since you are using Privy). You will need to provide the following to Privy upon completion:

• Client ID
• Client secret

Instagram

TIP

Starting on December 4, 2024, Meta will fully deprecate the Instagram Basic Display API. After that time, Privy will only support the Instagram Login API for business and creator account logins. Please reach out to support if you need assistance in this API migration.

Follow this guide to register a developer application. After Creating a Instagram app, use the OAuth2 settings to generate a Client Secret and set Redirects. You will need to provide the following to Privy upon completion:

• Client ID
• Client Secret

INFO

If you are using the Instagram Basic Display API, you must request the instagram_graph_user_profile permission for your application. This enables Privy to return the user's profile information, such as the Instagram user ID and username. You can learn more about Instagram permissions here.

LinkedIn

Follow this guide. You will need to provide the following to Privy upon completion:

• Client ID
• Primary Client Secret

INFO

If you have an app that has users who have already logged in using Privy's default credentials, we do not yet support migrating these users. If you'd like to test using your own credentials in a development environment, you can do so by creating a new app and setting your credentials before any LinkedIn users log in.

Spotify

Follow this guide to register a developer application. After Creating a Spotify app, use the OAuth2 settings to generate a Client Secret and set Redirects. You will need to provide the following to Privy upon completion:

• Client ID
• Client Secret

Telegram

You need to request access to Telegram from the login methods page. Once you have access, follow this guide to create a telegram bot. After creating a Telegram bot, you must set your domain using the /setdomain command in the @BotFather chat. You will need to provide the following to Privy via the Privy Dashboard upon completion:

• Bot token
• Bot name

Note that when configuring Telegram login:

• Your domain must be configured as your bot's allowed domain.
• If you have CSP enforcement, you’ll need to update these directives:
  • script-src must allow https://telegram.org in order to be able to download Telegram's widget script.
  • frame-src must allow https://oauth.telegram.org in order to be able to render Telegram's widget iframe.

TIP

To use your app as a Telegram Mini-App in the Telegram web client, add http://web.telegram.org to your allowed domains in the dashboard Settings page.

WARNING

Telegram login requires developers to create a Telegram bot with a bot secret. This bot secret controls the Telegram bot and is also used as a symmetric key for authentication. Control over this key enables a developer to sign over authentication data, meaning compromise of this key puts your users (and their accounts) at risk.

Securing this symmetric key is essential for the security of all of your app’s Telegram logins.

INFO

Since you need to set your bot's allowed domain you'll need to use a tunneling tool for local development such as Cloudflare tunel or ngrok.

Learn more about Telegram authentication here.

TikTok

Follow the instructions in the 'Prerequisites' section of this guide to register your app and enable LoginKit. When you are creating your app, make sure to specify Configure for Web for your app type (it will be treated as a web app in the context of OAuth since you are using Privy).

TikTok is different from other providers in a few key ways:

• Your OAuth client_id is referred to as client_key.
• You are required to provide a Terms of Service URL and Privacy Policy URL when creating your app.
• TikTok conducts a review process, and your new credentials will not work until your app is approved and move to Production status.

You will need to provide the following to Privy upon completion:

• Client key (as described above)
• Client secret

INFO

If you have an app that has users who have already logged in using Privy's default credentials, we do not yet support migrating these users. If you'd like to test using your own credentials in a development environment, you can do so by creating a new app and setting your credentials before any TikTok users log in.

X (formerly known as Twitter)

Follow this guide to create an X (formerly known as Twitter) app. Make sure to configure your app as a "Confidential client". In the application authentication settings this is the Web app, Automated App or Bot option for Type of App. You will need to provide the following to Privy upon completion:

• Client ID
• Client Secret

The X option for Native App doesn't enforce the use of a Client Secret. This is useful for authenticating with X on your mobile device, without any server involved in the process. You can learn more about Confidential clients in the official X developer documentation.

2. Configure your credentials with Privy

WARNING

Your custom credentials will go live to all your users as soon as you save them in the dashboard. We highly encourage you to test them in a development app before setting them for your production app.

Navigate to the Login methods page on the Privy dashboard by selecting your app and clicking Login Methods on the side bar. Click on the socials tab to see the social providers. Enter the OAuth credentials under the drop down for you set up.

If a provider does not have a drop down, it does not currently support configuring your own credentials.

3. Configure token return and custom scopes

For any OAuth login method for which you configure your own credentials, you are able to have the user's OAuth and Refresh access tokens returned to your application's front by toggling Return OAuth tokens and making use of the useOAuthTokens hook.

If you allow for your application to return OAuth tokens to the front-end, you are also able to configure custom scopes for the OAuth authorization flow, so that the OAuth token returned can be authorized to make API requests beyond the standard scope (such as writes, or authorized access to more granular user data).

WARNING

It is important that OAuth and refresh tokens are highly sensitive tokens that should be handled and stored in a secure fashion, inaccessible to any other third-party systems. Contact us if you have questions or would like guidance on token management best practices.

Notes

• You can update them anytime, with the exception of Apple, LinkedIn, and TikTok.
• You can set and save credentials for disabled providers. These credentials will be stored and will be used for that provider’s requests once you enable it.
• If you are experiencing an issue after setting your own credentials, you can roll back to using Privy's default credentials by removing your own from the configuration screen. We only recommend doing this if you are experiencing an issue as moving to use your own credentials is best practice. This will not work for Apple, LinkedIn, or TikTok if you have existing users.

FAQ

Can I delete my custom credentials and go back to using the Privy default ones?

You can remove your credentials from the same page you configured them to go back to using Privy's defaults. We only recommend doing this if you are experiencing an issue with your own credentials as migrating to your own credentials is the best practice.

For Apple, LinkedIn, and TikTok, once your credentials are in use, you will not be able to reset them due to user migration (see below).

Will migrating to custom credentials impact my users?

For most providers, the change will be undetectable by end users, other than their seeing your app’s name next time the log in (rather than Privy’s). For Apple, LinkedIn, and TikTok, if your app currently uses Privy's default credentials, we do not support updating to custom credentials. This process requires a migration which we have not yet built.

Can I configure my own custom OAuth provider to work with Privy?

No, we do not support the use of OAuth providers outside of our supported set. If you'd like to use a different provider, you may be able to through the use of custom auth.