Skip to main content
Docs

Social connections (OAuth)

Before you start

Social connections, also known as OAuth connections in Clerk, allow users to gain access to your application by using their existing credentials from an Identity Provider (IdP), like Google or Microsoft. For example, if you enable Google as a social provider, then when a user wants to sign in to your application, they can select Google and use their Google account to sign in.

Note

When using social connections, the sign-up and sign-in flows are equivalent. If a user doesn't have an account and tries to sign in, an account will be made for them, and vice versa.

The easiest way to add social connections to your Clerk app is by using prebuilt views. If you require more control over the logic, you can build a custom OAuth flow using the Clerk API.

Enable a social connection

  1. In the Clerk Dashboard, navigate to the SSO connections page.
  2. Select the Add connection button, and select For all users.
  3. Select the provider you want to use.
  4. Enabling Enable for sign-up and sign-in will depend on your use case:
    • If you want to allow users to sign up and sign in using the provider, enable this option.
    • If you want to allow users to link their account with this provider to their Clerk account, but not use it for sign-up or sign-in, disable this option. Users can manage their social connections on their user profile page.
  5. Enabling Use custom credentials will depend on your instance type:
    • For development instances, Clerk uses pre-configured, shared credentials to make the setup process as smooth as possible. For most social providers, you can leave this option disabled.
    • For production instances, you need to configure the provider with custom OAuth credentials. See the list of supported providers for provider-specific setup instructions.
  6. Select Enable connection when you're ready for the connection to be available to your users.

Allowlist OAuth redirect URLs

In addition to enabling a social connection in the Clerk Dashboard, native applications require allowlisting the redirect URLs used during the OAuth flow.

Clerk ensures that security critical nonces are passed only to allowlisted URLs when the SSO flow is completed in native browsers or webviews. For maximum security in your production instances, you need to allowlist your custom redirect URLs via the Clerk Dashboard or the Clerk Backend API.

To allowlist a redirect URL via the Clerk Dashboard:

  1. In the Clerk Dashboard, navigate to the Native applications page.
  2. Scroll down to the Allowlist for mobile SSO redirect section and add your redirect URLs.

Note

By default, Clerk uses {bundleIdentifier}://callback as the redirect URL.

Configure additional OAuth scopes

Each OAuth provider requires a specific set of scopes that are necessary for proper authentication with Clerk. These essential scopes are pre-configured and automatically included by Clerk. They typically include permissions for basic profile information and email access, which are fundamental for user authentication and account creation.

In addition to the essential scopes, you can specify additional scopes supported by the provider. These scopes can be used to access additional user data from the provider.

To add additional OAuth scopes, when you enable a new social connection, enable Use custom credentials. The Scopes field will appear.

Request additional OAuth scopes after sign-up

Clerk allows you to request additional OAuth scopes even after a user has signed up.

Apply the .userProfileOAuthConfig(_:) modifier to the UserProfileView or UserButton view, with any additional OAuth scopes you would like per provider. The user will be prompted to reconnect their account on their user profile page.

Use the following tabs to see how to add additional OAuth scopes to the UserProfileView and UserButton views.

UserProfileView()
  .userProfileOAuthConfig([
    .init(provider: .google, additionalScopes: ["foo", "bar"]),
    .init(provider: .github, additionalScopes: ["qux"]),
  ])
UserButton()
  .userProfileOAuthConfig([
    .init(provider: .google, additionalScopes: ["foo", "bar"]),
    .init(provider: .github, additionalScopes: ["qux"]),
  ])

Sign in with Apple

You can use Apple's Sign in with Apple feature to offer a native authentication experience in your iOS, watchOS, macOS, or tvOS apps.

Instead of the typical OAuth flow that redirects through a browser, you can use Apple's native authentication and send the resulting ID token and authorization code to Clerk. Clerk verifies the user against the information Apple provides.

For additional information, see the Sign in with Apple guide.

Supported social providers

Clerk provides a wide range of social providers to ease your users' sign-up and sign-in processes. Select a provider to learn how to configure it for your Clerk app.

Apple logo

Apple

Add Apple as an authentication provider for your Clerk app.

Atlassian logo

Atlassian

Add Atlassian as an authentication provider for your Clerk app.

Bitbucket logo

Bitbucket

Add Bitbucket as an authentication provider for your Clerk app.

Box logo

Box

Add Box as an authentication provider for your Clerk app.

Coinbase logo

Coinbase

Add Coinbase as an authentication provider for your Clerk app.

Discord logo

Discord

Add Discord as an authentication provider for your Clerk app.

Dropbox logo

Dropbox

Add Dropbox as an authentication provider for your Clerk app.

Facebook logo

Facebook

Add Facebook as an authentication provider for your Clerk app.

GitHub logo

GitHub

Add GitHub as an authentication provider for your Clerk app.

GitLab logo

GitLab

Add GitLab as an authentication provider for your Clerk app.

Google logo

Google

Add Google as an authentication provider for your Clerk app.

HubSpot logo

HubSpot

Add HubSpot as an authentication provider for your Clerk app.

Hugging Face logo

Hugging Face

Add Hugging Face as an authentication provider for your Clerk app.

LINE logo

LINE

Add LINE as an authentication provider for your Clerk app.

Linear logo

Linear

Add Linear as an authentication provider for your Clerk app.

LinkedIn logo

LinkedIn

Add LinkedIn as an authentication provider for your Clerk app.

Microsoft logo

Microsoft

Add Microsoft as an authentication provider for your Clerk app.

Notion logo

Notion

Add Notion as an authentication provider for your Clerk app.

Slack logo

Slack

Add Slack as an authentication provider for your Clerk app.

Spotify logo

Spotify

Add Spotify as an authentication provider for your Clerk app.

TikTok logo

TikTok

Add TikTok as an authentication provider for your Clerk app.

Twitch logo

Twitch

Add Twitch as an authentication provider for your Clerk app.

Vercel logo

Vercel

Add Vercel as an authentication provider for your Clerk app.

X/Twitter logo

X/Twitter v2

Add X (Twitter v2) as an authentication provider for your Clerk app.

Xero logo

Xero

Add Xero as an authentication provider for your Clerk app.

Don't see the provider you're looking for? You can configure a custom OIDC-compatible provider or request a new one.

Feedback

What did you think of this content?

Last updated on

GitHubEdit on GitHub