OAuth Provider Configuration: A Hard Prerequisite for Authentication
OAuth Provider Configuration: A Hard Prerequisite for Authentication
Applies to: v1.0.33 and later
Overview
The platform's sign-in and sign-up flows are powered entirely by OAuth. If no OAuth provider credentials are present in the runtime environment, the sign-in page (src/platform/auth/sign-in-buttons.tsx) will display:
No authentication providers configured
This error will appear for every user on every authentication page. There is no fallback. Configuring at least one OAuth provider is a hard prerequisite for running the platform.
Supported OAuth Providers
The following providers are supported. You must fully configure at least one:
| Provider | Environment Variable | Description |
|---|---|---|
AUTH_GOOGLE_ID | Google OAuth 2.0 Client ID | |
AUTH_GOOGLE_SECRET | Google OAuth 2.0 Client Secret | |
| GitHub | AUTH_GITHUB_ID | GitHub OAuth App Client ID |
| GitHub | AUTH_GITHUB_SECRET | GitHub OAuth App Client Secret |
Both variables in a provider pair must be set together — a partial configuration (e.g. only AUTH_GOOGLE_ID without AUTH_GOOGLE_SECRET) will not activate that provider.
Setup Instructions
Step 1: Choose a Provider
Decide which OAuth provider(s) your deployment will use. For most enterprise environments, Google is recommended as it integrates with existing Google Workspace identities.
Step 2: Create OAuth Credentials
Google:
- Go to the Google Cloud Console → APIs & Services → Credentials.
- Create an OAuth 2.0 Client ID (Application type: Web application).
- Add your deployment's callback URL as an authorized redirect URI:
https://<your-domain>/api/auth/callback/google - Copy the Client ID and Client Secret.
GitHub:
- Go to GitHub → Settings → Developer Settings → OAuth Apps → New OAuth App.
- Set the Authorization callback URL to:
https://<your-domain>/api/auth/callback/github - Copy the Client ID and generate a Client Secret.
Step 3: Set Environment Variables
Add the credentials to your environment. Reference .env.example for the full list of supported variables.
Example (.env.local or equivalent):
# Google OAuth (recommended for enterprise)
AUTH_GOOGLE_ID=your-google-client-id
AUTH_GOOGLE_SECRET=your-google-client-secret
# GitHub OAuth (optional, additional provider)
# AUTH_GITHUB_ID=your-github-client-id
# AUTH_GITHUB_SECRET=your-github-client-secret
⚠️ Never commit real credentials to version control. Use your platform's secrets management (e.g. environment variable injection in CI/CD, Docker secrets, cloud provider secret stores).
Step 4: Verify the Configuration
After setting credentials, restart the application and navigate to the sign-in page. If the provider buttons appear, configuration is successful.
If you still see the "No authentication providers configured" error:
- Double-check that both variables in the pair are set (ID and SECRET).
- Confirm the environment variables are visible to the running process (e.g. they are not scoped to build-time only).
- Check application logs on startup — if
getProviders()returns an empty array, a startup warning should appear in the logs.
Deployment Checklist
Before going live, verify the following:
- At least one complete OAuth provider credential pair is configured in the deployment environment.
- The OAuth callback URL registered with the provider matches your deployment's domain exactly.
- Credentials are stored as secrets, not committed to source control.
- Application starts without authentication errors on the sign-in page.
Related
- Changelog — v1.0.33
.env.examplein the repository root for a full list of supported environment variables.