Social Login (OAuth/OIDC)
Social login lets your users sign in using their existing accounts with external identity providers like GitHub and Google. Aero2 handles the entire OAuth flow, creates local user accounts, and establishes sessions automatically.
How It Works
- The user clicks a "Sign in with [Provider]" button in your application.
- Your application redirects to Aero2's authorization endpoint with the desired provider.
- Aero2 redirects the user to the provider's login page.
- The user authenticates with the provider and grants access.
- The provider redirects back to Aero2 with the user's identity.
- Aero2 creates a new local account (or links to an existing one if the email matches).
- A session is established and Aero2 redirects back to your application with an authorization code.
Supported Provider Types
Aero2 supports two standard protocols for identity providers:
- OAuth 2.0 — Used by providers like GitHub. Aero2 handles the authorization code exchange and fetches user profile data from the provider's API.
- OpenID Connect (OIDC) — A layer on top of OAuth 2.0 that includes standardized identity claims. Used by providers like Google. Aero2 can auto-discover endpoints via the provider's
.well-known/openid-configuration.
Built-in Providers
These providers are pre-configured and ready to use once you add your client credentials:
| Provider | Protocol | What You Need |
|---|---|---|
| GitHub | OAuth 2.0 | Client ID and Client Secret from a GitHub OAuth App |
| OIDC | Client ID and Client Secret from a Google Cloud OAuth 2.0 credential |
Custom Providers
Any standards-compliant OAuth 2.0 or OIDC provider can be added as a custom identity provider. You supply the provider's endpoints (authorization URL, token URL, userinfo URL) along with your client credentials.
For OIDC providers, you can provide just the issuer URL and Aero2 will auto-discover the endpoints.
Setup Guides
API Reference
- Identity Providers API — Create, update, and manage identity providers