Skip to content
saas-core

Provider Configuration

Architecture

Section titled “Architecture”

Provider credentials are configured globally via environment variables. Each application’s auth policy then controls which providers are available for that specific application.

.env (global)
  GOOGLE_CLIENT_ID=xxx
  GOOGLE_CLIENT_SECRET=xxx


  


Admin Console Dashboard
  "Google: ✅ Configured"


  


Application Auth Policy
  Allowed Providers: [email, google]

A provider must be configured in .env before it can be enabled for any application. The admin console Dashboard shows the configuration status of every supported provider.

Email + Password

Section titled “Email + Password”

No configuration required. Always enabled by default.

  • No environment variables needed
  • Better Auth handles password hashing (bcrypt)
  • Password policy is configured per-application in Auth Policy

Google

Section titled “Google”
  1. Open the Google Cloud Console
  2. Create a project or select existing
  3. Navigate to APIs & Services → Credentials
  4. Create OAuth 2.0 Client ID (Web Application)
  5. Add authorized redirect URI: 
    http://localhost:3000/api/auth/callback/google
    (use your production URL in production)
  6. Copy Client ID and Client Secret
GOOGLE_CLIENT_ID=123456789-xxxxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxxxxxxxxxxx

GitHub

Section titled “GitHub”
  1. Open GitHub Developer Settings
  2. Create a new OAuth App
  3. Set Authorization callback URL: 
    http://localhost:3000/api/auth/callback/github
  4. Copy Client ID and generate a Client Secret
GITHUB_CLIENT_ID=Ov23lixxxxxxxx
GITHUB_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Apple Sign In

Section titled “Apple Sign In”
  1. Join the Apple Developer Program
  2. Navigate to Certificates, Identifiers & Profiles
  3. Register a Service ID
  4. Enable Sign In with Apple for the Service ID
  5. Create a Key (.p8 file) for Sign In with Apple
  6. Your Team ID is visible in the Membership tab
APPLE_CLIENT_ID=com.example.service
APPLE_TEAM_ID=ABCDEF123
APPLE_KEY_ID=XYZ789ABC
APPLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
...key content...
-----END PRIVATE KEY-----"

Verification

Section titled “Verification”

After configuring providers:

  1. Restart the backend
  2. Open the admin console Dashboard
  3. Confirm the provider shows “Configured”
  4. Navigate to any application’s Auth Policy
  5. Toggle the provider in Allowed Providers
  6. Save — the provider is now available for that application’s users