GuideReference

OAuth Providers

"Sign in with X" is table stakes. Here's the complete breakdown of every major OAuth provider - their pros, cons, costs, and exactly how to set them up.

Quick Comparison

Provider	User Reach	Cost	Setup	Best For
Google	2B+ users	Free	Medium	Consumer apps, B2C products
GitHub	100M+ devs	Free	Easy	Developer tools, open-source projects
Apple	1B+ Apple users	$99/year	Hard	iOS apps, privacy-focused users
X (Twitter)	500M+ users	$100/month	Hard	Social apps, media platforms
Facebook (Meta)	3B+ users	Free	Medium	Social apps, older demographics
Microsoft	1.4B+ users	Free tier	Hard	Enterprise apps, B2B SaaS
LinkedIn	900M+ pros	Free	Medium	Recruiting, B2B, professional tools
Discord	150M+ users	Free	Easy	Gaming, community apps, bots

How OAuth Works (Every Provider)

User clicks login

Redirects to provider

User approves

Grants permission

Callback redirect

With auth code

Exchange for token

Get user data

Hitting redirect_uri_mismatch? Read The OAuth Trap

The Universal Setup Pattern

Every OAuth provider follows the same pattern. Once you understand this, you can set up any provider in minutes.

Create App in Provider's Console

Every provider has a developer portal where you create an "app" or "OAuth client".

Get Client ID + Client Secret

The provider gives you two values: a public ID and a private secret. Guard the secret carefully.

Configure Callback URLs

Tell the provider which URLs can receive the OAuth callback. Add both localhost and production URLs.

Add to Environment Variables

Store ID and secret in .env.local for local dev and in Vercel for production.

Provider Deep Dives

Google

Best for: Consumer apps, B2C products

Medium Setup

User Reach

2B+ users

Cost

Free

Setup Time

15-30 min

Pros

+Largest user base - almost everyone has a Google account
+Highly trusted by users
+Rich profile data (name, email, avatar)
+Free for any volume
+Excellent documentation

Cons

-Complex OAuth consent screen setup
-Verification required for production (can take days)
-Strict app review process for sensitive scopes
-Many settings can be overwhelming

Setup Requirements

Developer Console

Google Cloud Console

Environment Variables

AUTH_GOOGLE_ID=your_client_id

AUTH_GOOGLE_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/google

Requires OAuth consent screen configuration. For production, you may need to verify your app.

GitHub

Best for: Developer tools, open-source projects

Easy Setup

User Reach

100M+ devs

Cost

Free

Setup Time

5-10 min

Pros

+Instant setup - no verification required
+Perfect for developer-focused apps
+Access to repos, gists, and profile data
+Simple, clean interface
+Free forever

Cons

-Smaller user base (100M vs Google's 2B)
-Only relevant for developer audiences
-Limited profile data compared to Google
-Users must have GitHub account

Setup Requirements

Developer Console

GitHub Developer Settings

Environment Variables

AUTH_GITHUB_ID=your_client_id

AUTH_GITHUB_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/github

Apple

Best for: iOS apps, privacy-focused users

Hard Setup

User Reach

1B+ Apple users

Cost

$99/year

Setup Time

30+ min

Pros

+Required for iOS apps with social login
+High trust with Apple users
+"Hide My Email" option protects user privacy
+Seamless on Apple devices

Cons

-$99/year Apple Developer Program required
-Complex key generation process
-Limited user data (name + email only)
-Private relay email makes user contact tricky

Setup Requirements

Developer Console

Apple Developer Portal

Environment Variables

AUTH_APPLE_ID=your_client_id

AUTH_APPLE_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/apple

Apple requires 'Sign in with Apple' if you offer any other social login in your iOS app.

X (Twitter)

Best for: Social apps, media platforms

Hard Setup

User Reach

500M+ users

Cost

$100/month

Setup Time

30+ min

Pros

+Great for social/media apps
+Access to tweets, followers, profile
+Strong presence in tech/news communities
+OAuth 2.0 support with PKCE

Cons

-Requires paid Basic tier ($100/mo) for OAuth 2.0
-Frequent API changes and instability
-User base is niche compared to Google/Facebook
-Complex approval process for elevated access

Setup Requirements

Developer Console

X Developer Portal

Environment Variables

AUTH_TWITTER_ID=your_client_id

AUTH_TWITTER_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/twitter

X's API pricing changed in 2023. Free tier has very limited capabilities. OAuth requires at least Basic tier.

Facebook (Meta)

Best for: Social apps, older demographics

Medium Setup

User Reach

3B+ users

Cost

Free

Setup Time

15-30 min

Pros

+Massive user base (3B+ users)
+Rich social graph data available
+Users familiar with Facebook login
+Free for basic auth

Cons

-App review required for most permissions
-Privacy concerns make users hesitant
-Complex permission system
-Facebook's reputation has declined
-Younger users avoiding Facebook

Setup Requirements

Developer Console

Meta for Developers

Environment Variables

AUTH_FACEBOOK_ID=your_client_id

AUTH_FACEBOOK_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/facebook

Many users now hesitant to grant Facebook access. Consider if your target audience uses Facebook.

Microsoft

Best for: Enterprise apps, B2B SaaS

Hard Setup

User Reach

1.4B+ users

Cost

Free tier

Setup Time

30+ min

Pros

+Essential for enterprise/B2B apps
+Access to Microsoft 365 ecosystem
+Outlook, Teams, OneDrive integration
+Corporate SSO capabilities
+Free tier available

Cons

-Azure portal is complex and confusing
-Tenant configuration can be tricky
-Consumer vs Work account confusion
-Heavy for simple consumer apps

Setup Requirements

Developer Console

Azure Portal (App Registrations)

Environment Variables

AUTH_AZURE_AD_ID=your_client_id

AUTH_AZURE_AD_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/azure-ad

Choose 'Accounts in any organizational directory and personal Microsoft accounts' for widest compatibility.

Best for: Recruiting, B2B, professional tools

Medium Setup

User Reach

900M+ pros

Cost

Free

Setup Time

15-30 min

Pros

+Perfect for professional/B2B apps
+Rich professional profile data
+High trust in business contexts
+Access to company and job data

Cons

-Restrictive API access policies
-Limited to professional audience
-Some features require partnership
-Review process for most data scopes

Setup Requirements

Developer Console

LinkedIn Developer Portal

Environment Variables

AUTH_LINKEDIN_ID=your_client_id

AUTH_LINKEDIN_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/linkedin

Discord

Best for: Gaming, community apps, bots

Easy Setup

User Reach

150M+ users

Cost

Free

Setup Time

5-10 min

Pros

+Huge gaming and community audience
+Easy setup, minimal verification
+Access to guilds (servers) user is in
+Great for community-based apps
+Free

Cons

-Niche audience (gamers, communities)
-Limited professional use cases
-User base skews younger
-Not suitable for enterprise apps

Setup Requirements

Developer Console

Discord Developer Portal

Environment Variables

AUTH_DISCORD_ID=your_client_id

AUTH_DISCORD_SECRET=your_client_secret

Callback URL Format

https://yourdomain.com/api/auth/callback/discord

Saucy Recommendations

Starting a new consumer app?

Start with Google + GitHub. Google covers 90% of users, GitHub covers developers. Add more later as needed.

Building for enterprise/B2B?

Go Microsoft + Google. Corporate users expect Microsoft, but many still use personal Google accounts.

Building a mobile app?

Add Apple Sign In - it's required by Apple if you offer any social login. Google + Apple covers most mobile users.

Building for gaming/community?

Discord is king here. Add Google as a fallback for users who don't game.

Common Mistakes

Not adding all callback URLs

You need callbacks for: localhost:3000, localhost:3001, your-app.vercel.app, yourdomain.com. Miss any one = broken auth.

Exposing client secrets

Never put secrets in client-side code or commit them to git. Use environment variables only.

Forgetting production env vars

Your .env.local doesn't deploy. Add all variables to Vercel/your hosting provider separately.

Not redeploying after adding env vars

After adding env vars in Vercel, you must redeploy for them to take effect.

OAuth Providers

Quick Comparison

How OAuth Works (Every Provider)

The Universal Setup Pattern

Create App in Provider's Console

Get Client ID + Client Secret

Configure Callback URLs

Add to Environment Variables

Provider Deep Dives

Google

Pros

Cons

Setup Requirements

GitHub

Pros

Cons

Setup Requirements

Apple

Pros

Cons

Setup Requirements

X (Twitter)

Pros

Cons

Setup Requirements

Facebook (Meta)

Pros

Cons

Setup Requirements

Microsoft

Pros

Cons

Setup Requirements

LinkedIn

Pros

Cons

Setup Requirements

Discord

Pros

Cons

Setup Requirements

Saucy Recommendations

Starting a new consumer app?

Building for enterprise/B2B?

Building a mobile app?

Building for gaming/community?

Common Mistakes

Not adding all callback URLs

Exposing client secrets

Forgetting production env vars

Not redeploying after adding env vars

Related Resources

The OAuth Trap

Authentication Playbook

Vercel Playbook

OAuth in Terminology