npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@capgo/capacitor-social-login

v8.2.5

Published

All social logins in one plugin

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

riderxriderx

Keywords

capacitorpluginnativesociallogingooglefacebookappletwitterssooauthoauth2

Readme

@capgo/capacitor-social-login

Fork Information

This plugin is a fork of @codetrix-studio/capacitor-google-auth. We created this fork because the original plugin is "virtually" archived with no way to reach the maintainer in any medium, and only one person (@reslear) has write rights but doesn't handle native code.

If you're currently using @codetrix-studio/capacitor-google-auth, we recommend migrating to this plugin. You can follow our migration guide here.

About

All social logins in one plugin

This plugin implements social auth for:

  • Google (with credential manager)
  • Apple (with OAuth on android)
  • Facebook (with latest SDK)
  • Twitter/X (OAuth 2.0)
  • Generic OAuth2 (supports multiple providers: GitHub, Azure AD, Auth0, Okta, and any OAuth2-compliant server)

This plugin is the all-in-one solution for social authentication on Web, iOS, and Android.

Documentation

Best experience to read the doc here:

https://capgo.app/docs/plugins/social-login/getting-started/

Install

npm install @capgo/capacitor-social-login
npx cap sync

Dynamic Provider Dependencies

You can configure which providers to include to reduce app size. This is especially useful if you only need specific providers.

Configuration

Add provider configuration to your capacitor.config.ts:

import type { CapacitorConfig } from '@capacitor/cli';

const config: CapacitorConfig = {
  appId: 'com.example.app',
  appName: 'MyApp',
  webDir: 'dist',
  plugins: {
    SocialLogin: {
      providers: {
        google: true,      // true = enabled (bundled), false = disabled (not bundled)
        facebook: true,   // Use false to reduce app size
        apple: true,      // Apple uses system APIs, no external deps
        twitter: false   // false = disabled (not bundled)
      }
    }
  }
};

export default config;

Provider Configuration

  • true (default): Provider is enabled - dependencies are bundled in final APK/IPA
  • false: Provider is disabled - dependencies are not bundled in final APK/IPA

Notes

  • Changes require running npx cap sync to take effect
  • If configuration is not provided, all providers default to true (enabled, backward compatible)
  • Important: Disabling a provider (false) will make it unavailable at runtime, regardless of whether it actually adds any dependencies. The provider will be disabled even if it uses only system APIs.
  • This configuration only affects iOS and Android platforms; it does not affect the web platform.
  • Important: Using false means the dependency won't be bundled, but the plugin code still compiles against it. Ensure the consuming app includes the dependency if needed.
  • Apple Sign-In on Android uses OAuth flow without external SDK dependencies
  • Twitter uses standard OAuth 2.0 flow without external SDK dependencies

Example: Reduce App Size

To only include Google Sign-In and disable others:

plugins: {
  SocialLogin: {
    providers: {
      google: true,      // Enabled
      facebook: false,   // Disabled (not bundled)
      apple: true,       // Enabled
      twitter: false     // Disabled (not bundled)
    }
  }
}

Apple

How to get the credentials How to setup redirect url

Android configuration

For android you need a server to get the callback from the apple login. As we use the web SDK .

Call the initialize method with the apple provider

await SocialLogin.initialize({
  apple: {
    clientId: 'your-client-id',
    redirectUrl: 'your-redirect-url',
  },
});
const res = await SocialLogin.login({
  provider: 'apple',
  options: {
    scopes: ['email', 'name'],
  },
});

iOS configuration

call the initialize method with the apple provider

await SocialLogin.initialize({
  apple: {
    clientId: 'your-client-id', // it not used at os level only in plugin to know which provider initialize
  },
});
const res = await SocialLogin.login({
  provider: 'apple',
  options: {
    scopes: ['email', 'name'],
  },
});

Facebook

Docs: How to setup facebook login

Android configuration

More information can be found here: https://developers.facebook.com/docs/android/getting-started

Then call the initialize method with the facebook provider

await SocialLogin.initialize({
  facebook: {
    appId: 'your-app-id',
    clientToken: 'your-client-token',
  },
});
const res = await SocialLogin.login({
  provider: 'facebook',
  options: {
    permissions: ['email', 'public_profile'],
  },
});

iOS configuration

In file ios/App/App/AppDelegate.swift add or replace the following:

import UIKit
import Capacitor
import FBSDKCoreKit

@UIApplicationMain
class AppDelegate: UIResponder, UIApplicationDelegate {

    var window: UIWindow?

    func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // Override point for customization after application launch.
        FBSDKCoreKit.ApplicationDelegate.shared.application(
            application,
            didFinishLaunchingWithOptions: launchOptions
        )

        return true
    }

    ...

    func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
        // Called when the app was launched with a url. Feel free to add additional processing here,
        // but if you want the App API to support tracking app url opens, make sure to keep this call
        if (FBSDKCoreKit.ApplicationDelegate.shared.application(
            app,
            open: url,
            sourceApplication: options[UIApplication.OpenURLOptionsKey.sourceApplication] as? String,
            annotation: options[UIApplication.OpenURLOptionsKey.annotation]
        )) {
            return true;
        } else {
            return ApplicationDelegateProxy.shared.application(app, open: url, options: options)
        }
    }
}

Add the following in the ios/App/App/info.plist file inside of the outermost <dict>:


<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>fb[APP_ID]</string>
        </array>
    </dict>
</array>
<key>FacebookAppID</key>
<string>[APP_ID]</string>
<key>FacebookClientToken</key>
<string>[CLIENT_TOKEN]</string>
<key>FacebookDisplayName</key>
<string>[APP_NAME]</string>
<key>LSApplicationQueriesSchemes</key>
<array>
    <string>fbapi</string>
    <string>fbauth</string>
    <string>fb-messenger-share-api</string>
    <string>fbauth2</string>
    <string>fbshareextension</string>
</array>

More information can be found here: https://developers.facebook.com/docs/facebook-login/ios

Then call the initialize method with the facebook provider

await SocialLogin.initialize({
  facebook: {
    appId: 'your-app-id',
  },
});
const res = await SocialLogin.login({
  provider: 'facebook',
  options: {
    permissions: ['email', 'public_profile'],
  },
});

Google

How to get the credentials

Complete Configuration Example

For Google login to work properly across all platforms, you need different client IDs and must understand the requirements for each mode:

await SocialLogin.initialize({
  google: {
    webClientId: 'YOUR_WEB_CLIENT_ID',        // Required for Android and Web
    iOSClientId: 'YOUR_IOS_CLIENT_ID',        // Required for iOS  
    iOSServerClientId: 'YOUR_WEB_CLIENT_ID',  // Required for iOS offline mode and server authorization (same as webClientId)
    mode: 'online',  // 'online' or 'offline'
  }
});

Important Notes:

  • webClientId: Required for Android and Web platforms
  • iOSClientId: Required for iOS platform
  • iOSServerClientId: Required when using mode: 'offline' on iOS or when you need to verify the token on the server (should be the same value as webClientId)
  • mode: 'offline': Returns only serverAuthCode for backend authentication, no user profile data
  • mode: 'online': Returns user profile data and access tokens (default)

Android configuration

The implementation use the new library of Google who use Google account at Os level, make sure your device does have at least one google account connected

Call the initialize method with the google provider:

await SocialLogin.initialize({
  google: {
    webClientId: 'your-web-client-id', // Required: the web client id for Android and Web
  },
});
const res = await SocialLogin.login({
  provider: 'google',
  options: {
    scopes: ['email', 'profile'],
  },
});

iOS configuration

Call the initialize method with the google provider:

await SocialLogin.initialize({
  google: {
    iOSClientId: 'your-ios-client-id',           // Required: the iOS client id
    iOSServerClientId: 'your-web-client-id',     // Required for offline mode: same as webClientId
    mode: 'online',  // 'online' for user data, 'offline' for server auth code only
  },
});
const res = await SocialLogin.login({
  provider: 'google',
  options: {
    scopes: ['email', 'profile'],
  },
});

Offline Mode Behavior: When using mode: 'offline', the login response will only contain:

{
  provider: 'google',
  result: {
    serverAuthCode: 'auth_code_for_backend',
    responseType: 'offline'
  }
  // Note: No user profile data is returned in offline mode
}

Web

Initialize method to create a script tag with Google lib. We cannot know when it's ready so be sure to do it early in web otherwise it will fail.

OAuth2 (Generic)

The plugin supports generic OAuth2 authentication, allowing you to integrate with any OAuth2-compliant provider (GitHub, Azure AD, Auth0, Okta, custom servers, etc.). You can configure multiple OAuth2 providers simultaneously.

Multi-Provider Configuration

await SocialLogin.initialize({
  oauth2: {
    // GitHub OAuth2
    github: {
      appId: 'your-github-client-id',
      authorizationBaseUrl: 'https://github.com/login/oauth/authorize',
      accessTokenEndpoint: 'https://github.com/login/oauth/access_token',
      redirectUrl: 'myapp://oauth/github',
      scope: 'read:user user:email',
      pkceEnabled: true,
    },
    // Azure AD OAuth2
    azure: {
      appId: 'your-azure-client-id',
      authorizationBaseUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
      accessTokenEndpoint: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
      redirectUrl: 'myapp://oauth/azure',
      scope: 'openid profile email',
      pkceEnabled: true,
      resourceUrl: 'https://graph.microsoft.com/v1.0/me',
    },
    // Auth0 OAuth2
    auth0: {
      appId: 'your-auth0-client-id',
      authorizationBaseUrl: 'https://your-tenant.auth0.com/authorize',
      accessTokenEndpoint: 'https://your-tenant.auth0.com/oauth/token',
      redirectUrl: 'myapp://oauth/auth0',
      scope: 'openid profile email offline_access',
      pkceEnabled: true,
      additionalParameters: {
        audience: 'https://your-api.example.com',
      },
    },
  },
});

Login with a Specific Provider

// Login with GitHub
const githubResult = await SocialLogin.login({
  provider: 'oauth2',
  options: {
    providerId: 'github',  // Required: must match key from initialize()
  },
});

// Login with Azure AD
const azureResult = await SocialLogin.login({
  provider: 'oauth2',
  options: {
    providerId: 'azure',
    scope: 'openid profile email',  // Optional: override default scopes
  },
});

console.log('Access Token:', azureResult.result.accessToken?.token);
console.log('ID Token:', azureResult.result.idToken);
console.log('User Data:', azureResult.result.resourceData);

Check Login Status

const status = await SocialLogin.isLoggedIn({
  provider: 'oauth2',
  providerId: 'github',  // Required for OAuth2
});
console.log('Is logged in:', status.isLoggedIn);

Logout

await SocialLogin.logout({
  provider: 'oauth2',
  providerId: 'github',  // Required for OAuth2
});

Refresh Token

await SocialLogin.refresh({
  provider: 'oauth2',
  options: {
    providerId: 'github',  // Required for OAuth2
  },
});

OAuth2 Configuration Options

| Option | Type | Required | Description | |--------|------|----------|-------------| | appId | string | Yes | OAuth2 Client ID | | authorizationBaseUrl | string | Yes | Authorization endpoint URL | | accessTokenEndpoint | string | No* | Token endpoint URL (*Required for code flow) | | redirectUrl | string | Yes | Callback URL for OAuth redirect | | responseType | 'code' | 'token' | No | OAuth flow type (default: 'code') | | pkceEnabled | boolean | No | Enable PKCE (default: true) | | scope | string | No | Default scopes to request | | resourceUrl | string | No | URL to fetch user profile after auth | | additionalParameters | Record<string, string> | No | Extra params for authorization URL | | additionalResourceHeaders | Record<string, string> | No | Extra headers for resource request | | logoutUrl | string | No | URL to open on logout | | logsEnabled | boolean | No | Enable debug logging (default: false) |

Platform-Specific Notes

iOS: Uses ASWebAuthenticationSession for secure authentication.

Android: Uses a WebView-based authentication flow.

Web: Opens a popup window for OAuth flow.

Security Recommendations

  1. Always use PKCE (pkceEnabled: true) for public clients
  2. Use authorization code flow (responseType: 'code') instead of implicit flow
  3. Store tokens securely using @capgo/capacitor-persistent-account
  4. Use HTTPS for all endpoints and redirect URLs in production

Troubleshooting

Invalid Privacy Manifest (ITMS-91056)

If you get this error on App Store Connect:

ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid: ...

How to fix:

  • Make sure your app's PrivacyInfo.xcprivacy is valid JSON, with only Apple-documented keys/values.
  • Do not include a privacy manifest in the plugin, only in your app.

Google Play Console AD_ID Permission Error

Problem: After submitting your app to Google Play, you receive this error:

Google Api Error: Invalid request - This release includes the com.google.android.gms.permission.AD_ID permission
but your declaration on Play Console says your app doesn't use advertising ID.

Root Cause: The Facebook SDK includes AD_ID and other advertising-related permissions.

Solution: If you're not using Facebook login, set facebook: false in your capacitor.config.ts:

const config: CapacitorConfig = {
  plugins: {
    SocialLogin: {
      providers: {
        google: true,
        facebook: false,  // Completely excludes Facebook SDK and its permissions
        apple: true,
      },
    },
  },
};

Then run npx cap sync. The plugin uses stub classes instead of the real Facebook SDK, so no Facebook dependencies or permissions are included in your build.

Google Sign-In with Family Link Supervised Accounts

Problem: When users try to sign in with Google accounts supervised by Family Link, login fails with:

NoCredentialException: No credentials available

Root Cause: Family Link supervised accounts have different authentication requirements and may not work properly with certain Google Sign-In configurations.

Solution: When implementing Google Sign-In for apps that need to support Family Link accounts, use the following configuration:

import { SocialLogin } from '@capacitor/social-login';

// For Family Link accounts, disable filtering by authorized accounts
await SocialLogin.login({
  provider: 'google',
  options: {
    style: 'bottom', // or 'standard'
    filterByAuthorizedAccounts: false, // Important for Family Link (default is true)
    scopes: ['profile', 'email']
  }
});

Key Points:

  • Set filterByAuthorizedAccounts to false to ensure Family Link accounts are visible (default is true)
  • The plugin will automatically retry with 'standard' style if 'bottom' style fails with NoCredentialException
  • These options only affect Android; iOS handles Family Link accounts normally
  • The error message will suggest disabling filterByAuthorizedAccounts if login fails

Note: Other apps like Listonic work with Family Link accounts because they use similar configurations. The default settings may be too restrictive for supervised accounts.

Where to store access tokens?

You can use the @capgo/capacitor-persistent-account plugin for this.

This plugin stores data in secure locations for native devices.

For Android, it will store data in Android's Account Manager, which provides system-level account management. For iOS, it will store data in the Keychain, which is Apple's secure credential storage.

API

initialize(...)

initialize(options: InitializeOptions) => Promise<void>

Initialize the plugin

| Param | Type | | ------------- | --------------------------------------------------------------- | | options | InitializeOptions |

login(...)

login<T extends "apple" | "google" | "facebook" | "twitter" | "oauth2">(options: Extract<LoginOptions, { provider: T; }>) => Promise<{ provider: T; result: ProviderResponseMap[T]; }>

Login with the selected provider

| Param | Type | | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | options | Extract<{ provider: 'facebook'; options: FacebookLoginOptions; }, { provider: T; }> | Extract<{ provider: 'google'; options: GoogleLoginOptions; }, { provider: T; }> | Extract<{ provider: 'apple'; options: AppleProviderOptions; }, { provider: T; }> | Extract<{ provider: 'twitter'; options: TwitterLoginOptions; }, { provider: T; }> | Extract<{ provider: 'oauth2'; options: OAuth2LoginOptions; }, { provider: T; }> |

Returns: Promise<{ provider: T; result: ProviderResponseMap[T]; }>

logout(...)

logout(options: { provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2'; providerId?: string; }) => Promise<void>

Logout

| Param | Type | | ------------- | ----------------------------------------------------------------------------------------------------------- | | options | { provider: 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2'; providerId?: string; } |

isLoggedIn(...)

isLoggedIn(options: isLoggedInOptions) => Promise<{ isLoggedIn: boolean; }>

IsLoggedIn

| Param | Type | | ------------- | --------------------------------------------------------------- | | options | isLoggedInOptions |

Returns: Promise<{ isLoggedIn: boolean; }>

getAuthorizationCode(...)

getAuthorizationCode(options: AuthorizationCodeOptions) => Promise<AuthorizationCode>

Get the current authorization code

| Param | Type | | ------------- | ----------------------------------------------------------------------------- | | options | AuthorizationCodeOptions |

Returns: Promise<AuthorizationCode>

refresh(...)

refresh(options: LoginOptions) => Promise<void>

Refresh the access token

| Param | Type | | ------------- | ----------------------------------------------------- | | options | LoginOptions |

providerSpecificCall(...)

providerSpecificCall<T extends ProviderSpecificCall>(options: { call: T; options: ProviderSpecificCallOptionsMap[T]; }) => Promise<ProviderSpecificCallResponseMap[T]>

Execute provider-specific calls

| Param | Type | | ------------- | --------------------------------------------------------------------- | | options | { call: T; options: ProviderSpecificCallOptionsMap[T]; } |

Returns: Promise<ProviderSpecificCallResponseMap[T]>

getPluginVersion()

getPluginVersion() => Promise<{ version: string; }>

Get the native Capacitor plugin version

Returns: Promise<{ version: string; }>

Interfaces

InitializeOptions

| Prop | Type | Description | | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | | oauth2 | Record<string, OAuth2ProviderConfig> | OAuth2 provider configurations. Supports multiple providers by using a Record with provider IDs as keys. | | twitter | { clientId: string; redirectUrl: string; defaultScopes?: string[]; forceLogin?: boolean; audience?: string; } | | | facebook | { appId: string; clientToken?: string; locale?: string; } | | | google | { iOSClientId?: string; iOSServerClientId?: string; webClientId?: string; mode?: 'online' | 'offline'; hostedDomain?: string; redirectUrl?: string; } | | | apple | { clientId?: string; redirectUrl?: string; useProperTokenExchange?: boolean; useBroadcastChannel?: boolean; } | |

OAuth2ProviderConfig

Configuration for a single OAuth2 provider instance

| Prop | Type | Description | Default | | ------------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | | appId | string | The OAuth 2.0 client identifier (App ID / Client ID) | | | authorizationBaseUrl | string | The base URL of the authorization endpoint | | | accessTokenEndpoint | string | The URL to exchange the authorization code for tokens Required for authorization code flow | | | redirectUrl | string | Redirect URL that receives the OAuth callback | | | resourceUrl | string | Optional URL to fetch user profile/resource data after authentication The access token will be sent as Bearer token in the Authorization header | | | responseType | 'code' | 'token' | The OAuth response type - 'code': Authorization Code flow (recommended, requires accessTokenEndpoint) - 'token': Implicit flow (less secure, tokens returned directly) | 'code' | | pkceEnabled | boolean | Enable PKCE (Proof Key for Code Exchange) Strongly recommended for public clients (mobile/web apps) | true | | scope | string | Default scopes to request during authorization | | | additionalParameters | Record<string, string> | Additional parameters to include in the authorization request | | | additionalResourceHeaders | Record<string, string> | Additional headers to include when fetching the resource URL | | | logoutUrl | string | Custom logout URL for ending the session | | | logsEnabled | boolean | Enable debug logging | false |

FacebookLoginResponse

| Prop | Type | | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | accessToken | AccessToken | null | | idToken | string | null | | profile | { userID: string; email: string | null; friendIDs: string[]; birthday: string | null; ageRange: { min?: number; max?: number; } | null; gender: string | null; location: { id: string; name: string; } | null; hometown: { id: string; name: string; } | null; profileURL: string | null; name: string | null; imageURL: string | null; } |

AccessToken

| Prop | Type | | ------------------------- | --------------------- | | applicationId | string | | declinedPermissions | string[] | | expires | string | | isExpired | boolean | | lastRefresh | string | | permissions | string[] | | token | string | | tokenType | string | | refreshToken | string | | userId | string |

GoogleLoginResponseOnline

| Prop | Type | | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | accessToken | AccessToken | null | | idToken | string | null | | profile | { email: string | null; familyName: string | null; givenName: string | null; id: string | null; name: string | null; imageUrl: string | null; } | | responseType | 'online' |

GoogleLoginResponseOffline

| Prop | Type | | -------------------- | ---------------------- | | serverAuthCode | string | | responseType | 'offline' |

AppleProviderResponse

| Prop | Type | Description | | ----------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------- | | accessToken | AccessToken | null | Access token from Apple | | idToken | string | null | Identity token (JWT) from Apple | | profile | { user: string; email: string | null; givenName: string | null; familyName: string | null; } | User profile information | | authorizationCode | string | Authorization code for proper token exchange (when useProperTokenExchange is enabled) |

TwitterLoginResponse

| Prop | Type | | ------------------ | ----------------------------------------------------------- | | accessToken | AccessToken | null | | refreshToken | string | null | | scope | string[] | | tokenType | 'bearer' | | expiresIn | number | null | | profile | TwitterProfile |

TwitterProfile

| Prop | Type | | --------------------- | --------------------------- | | id | string | | username | string | | name | string | null | | profileImageUrl | string | null | | verified | boolean | | email | string | null |

OAuth2LoginResponse

| Prop | Type | Description | | ------------------ | ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------- | | providerId | string | The provider ID that was used for this login | | accessToken | AccessToken | null | The access token received from the OAuth provider | | idToken | string | null | The ID token (JWT) if provided by the OAuth server (e.g., OpenID Connect) | | refreshToken | string | null | The refresh token if provided (requires appropriate scope like offline_access) | | resourceData | Record<string, unknown> | null | Resource data fetched from resourceUrl if configured Contains the raw JSON response from the resource endpoint | | scope | string[] | The scopes that were granted | | tokenType | string | Token type (usually 'bearer') | | expiresIn | number | null | Token expiration time in seconds |

FacebookLoginOptions

| Prop | Type | Description | Default | | ------------------ | --------------------- | ---------------- | ------------------ | | permissions | string[] | Permissions | | | limitedLogin | boolean | Is Limited Login | false | | nonce | string | Nonce | |

GoogleLoginOptions

| Prop | Type | Description | Default | Since | | -------------------------------- | ------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------- | ----------------------- | ------ | | scopes | string[] | Specifies the scopes required for accessing Google APIs The default is defined in the configuration. | | | | nonce | string | Nonce | | | | forceRefreshToken | boolean | Force refresh token (only for Android) | false | | | forcePrompt | boolean | Force account selection prompt (iOS) | false | | | style | 'bottom' | 'standard' | Style | 'standard' | | | filterByAuthorizedAccounts | boolean | Filter by authorized accounts (Android only) | true | | | autoSelectEnabled | boolean | Auto select enabled (Android only) | false | | | prompt | 'none' | 'consent' | 'select_account' | 'consent select_account' | 'select_account consent' | Prompt parameter for Google OAuth (Web only) | | 7.12.0 |

AppleProviderOptions

| Prop | Type | Description | Default | | ------------------------- | --------------------- | --------------------------------------------- | ------------------ | | scopes | string[] | Scopes | | | nonce | string | Nonce | | | state | string | State | | | useBroadcastChannel | boolean | Use Broadcast Channel for authentication flow | false |

TwitterLoginOptions

| Prop | Type | Description | | ------------------ | --------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | | scopes | string[] | Additional scopes to request during login. If omitted the plugin falls back to the default scopes configured during initialization. | | state | string | Provide a custom OAuth state value. When not provided the plugin generates a cryptographically random value. | | codeVerifier | string | Provide a pre-computed PKCE code verifier (mostly used for testing). When omitted the plugin generates a secure verifier automatically. | | redirectUrl | string | Override the redirect URI for a single login call. Useful when the same app supports multiple callback URLs per platform. | | forceLogin | boolean | Force the consent screen on every attempt, maps to force_login=true. |

OAuth2LoginOptions

| Prop | Type | Description | | -------------------------- | --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | | providerId | string | The provider ID as configured in initialize() This is required to identify which OAuth2 provider to use | | scope | string | Override the scopes for this login request If not provided, uses the scopes from initialization | | state | string | Custom state parameter for CSRF protection If not provided, a random value is generated | | codeVerifier | string | Override PKCE code verifier (for testing purposes) If not provided, a secure random verifier is generated | | redirectUrl | string | Override redirect URL for this login request | | additionalParameters | Record<string, string> | Additional parameters to add to the authorization URL |

isLoggedInOptions

| Prop | Type | Description | | ---------------- | ----------------------------------------------------------------------- | --------------------------------------------------------------------- | | provider | 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2' | Provider | | providerId | string | Provider ID for OAuth2 providers (required when provider is 'oauth2') |

AuthorizationCode

| Prop | Type | Description | | ----------------- | ------------------- | ------------ | | jwt | string | Jwt | | accessToken | string | Access Token |

AuthorizationCodeOptions

| Prop | Type | Description | | ---------------- | ----------------------------------------------------------------------- | --------------------------------------------------------------------- | | provider | 'apple' | 'google' | 'facebook' | 'twitter' | 'oauth2' | Provider | | providerId | string | Provider ID for OAuth2 providers (required when provider is 'oauth2') |

FacebookGetProfileResponse

| Prop | Type | Description | | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | profile | { [key: string]: any; id: string | null; name: string | null; email: string | null; first_name: string | null; last_name: string | null; picture?: { data: { height: number | null; is_silhouette: boolean | null; url: string | null; width: number | null; }; } | null; } | Facebook profile data |

FacebookRequestTrackingResponse

| Prop | Type | Description | | ------------ | ------------------------------------------------------------------------ | --------------------------------- | | status | 'authorized' | 'denied' | 'notDetermined' | 'restricted' | App tracking authorization status |

FacebookGetProfileOptions

| Prop | Type | Description | | ------------ | --------------------- | ---------------------------------------- | | fields | string[] | Fields to retrieve from Facebook profile |

Type Aliases

Record

Construct a type with a set of properties K of type T

{ [P in K]: T; }

ProviderResponseMap

{ facebook: FacebookLoginResponse; google: GoogleLoginResponse; apple: AppleProviderResponse; twitter: TwitterLoginResponse; oauth2: OAuth2LoginResponse; }

GoogleLoginResponse

GoogleLoginResponseOnline | GoogleLoginResponseOffline

LoginOptions

{ provider: 'facebook'; options: FacebookLoginOptions; } | { provider: 'google'; options: GoogleLoginOptions; } | { provider: 'apple'; options: AppleProviderOptions; } | { provider: 'twitter'; options: TwitterLoginOptions; } | { provider: 'oauth2'; options: OAuth2LoginOptions; }

Extract

Extract from T those types that are assignable to U

T extends U ? T : never

ProviderSpecificCallResponseMap

{ 'facebook#getProfile': FacebookGetProfileResponse; 'facebook#requestTracking': FacebookRequestTrackingResponse; }

ProviderSpecificCall

'facebook#getProfile' | 'facebook#requestTracking'

ProviderSpecificCallOptionsMap

{ 'facebook#getProfile': FacebookGetProfileOptions; 'facebook#requestTracking': FacebookRequestTrackingOptions; }

FacebookRequestTrackingOptions

Record<string, never>

Privacy Manifest for App Developers

If you use Google, Facebook, or Apple login, you must declare the data collected by their SDKs in your app's PrivacyInfo.xcprivacy file (not in the plugin).

Add this file in your app at: ios/App/PrivacyInfo.xcprivacy

Google Sign-In Example

{
  "NSPrivacyCollectedDataTypes": [
    { "NSPrivacyCollectedDataType": "EmailAddress", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false },
    { "NSPrivacyCollectedDataType": "Name", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false },
    { "NSPrivacyCollectedDataType": "UserID", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false }
  ]
}

Facebook Login Example

{
  "NSPrivacyCollectedDataTypes": [
    { "NSPrivacyCollectedDataType": "EmailAddress", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false },
    { "NSPrivacyCollectedDataType": "Name", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false },
    { "NSPrivacyCollectedDataType": "UserID", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false },
    { "NSPrivacyCollectedDataType": "FriendsList", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false }
  ]
}

Apple Sign-In Example

{
  "NSPrivacyCollectedDataTypes": [
    { "NSPrivacyCollectedDataType": "EmailAddress", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false },
    { "NSPrivacyCollectedDataType": "Name", "NSPrivacyCollectedDataTypeLinked": true, "NSPrivacyCollectedDataTypeTracking": false }
  ]
}
  • Adjust the data types to match your app's usage and the SDK documentation.
  • See Apple docs for all allowed keys and values.

Combine facebook and google URL handler in AppDelegate.swift

    func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
        // Called when the app was launched with a url. Feel free to add additional processing here,
        // but if you want the App API to support tracking app url opens, make sure to keep this call

        // Return true if the URL was handled by either Facebook or Google authentication
        // https://github.com/Cap-go/capacitor-social-login/blob/main/docs/setup_facebook.md#ios-setup
        // https://github.com/Cap-go/capacitor-social-login/blob/main/docs/setup_google.md#using-google-login-on-ios
        if FBSDKCoreKit.ApplicationDelegate.shared.application(
            app,
            open: url,
            sourceApplication: options[UIApplication.OpenURLOptionsKey.sourceApplication] as? String,
            annotation: options[UIApplication.OpenURLOptionsKey.annotation]
        ) || GIDSignIn.sharedInstance.handle(url) {
            return true
        }

        // If URL wasn't handled by auth services, pass it to Capacitor for processing
        return ApplicationDelegateProxy.shared.application(app, open: url, options: options)
    }

Credits

This plugin implementation of google is based on CapacitorGoogleAuth with a lot of rework, the current maintainer is unreachable, we are thankful for his work and are now going forward on our own! Thanks to reslear for helping to transfer users to this plugin from the old one and all the work.