payload-social-auth
v1.0.0
Published
Social Auth plugin for Payload CMS
Readme
Payload Social Auth Plugin
A social authentication plugin for Payload CMS that enables login with GitHub, Google, Facebook, Twitter, and LinkedIn.
Installation
npm install payload-social-auth
# or
pnpm add payload-social-authUsage
import { buildConfig } from 'payload';
import { socialAuthPlugin } from 'payload-social-auth';
export default buildConfig({
// ... your existing config
plugins: [
socialAuthPlugin({
providers: {
github: {
clientId: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
},
google: {
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
},
// Add other providers as needed
},
jwtSecret: process.env.JWT_SECRET, // optional, defaults to Payload's secret
cookieName: 'payload-social-auth-token', // optional
autoCreateUser: true, // optional, defaults to true
defaultRole: 'user', // optional, defaults to 'user'
onAuthSuccess: async (user, provider) => {
// Custom logic after successful authentication
console.log(`User ${user.id} authenticated via ${provider}`);
},
onAuthFailure: async (error, provider) => {
// Custom logic after failed authentication
console.error(`Auth failed via ${provider}:`, error);
}
}),
],
});Configuration Options
| Option | Type | Description |
|--------|------|-------------|
| disabled | boolean | Enable/disable the plugin |
| providers | object | Configuration for social providers (github, google, facebook, twitter, linkedin) |
| providers.[provider].clientId | string | OAuth client ID |
| providers.[provider].clientSecret | string | OAuth client secret |
| providers.[provider].callbackURL | string | Optional callback URL |
| providers.[provider].scope | string | Optional OAuth scope |
| jwtSecret | string | JWT secret for signing tokens (optional) |
| cookieName | string | Cookie name for storing auth state (optional) |
| autoCreateUser | boolean | Whether to automatically create users (optional, defaults to true) |
| defaultRole | string | Default role for new users (optional, defaults to 'user') |
| onAuthSuccess | function | Callback after successful authentication |
| onAuthFailure | function | Callback after failed authentication |
Provider Setup
GitHub
- Go to https://github.com/settings/developers
- Create a new OAuth App
- Set callback URL to
https://your-domain.com/api/auth/github/callback - Copy Client ID and Client Secret
- Go to https://console.cloud.google.com/apis/credentials
- Create OAuth 2.0 Client ID
- Set authorized redirect URI to
https://your-domain.com/api/auth/google/callback - Copy Client ID and Client Secret
- Go to https://developers.facebook.com/apps/
- Create a new app
- Add Facebook Login product
- Set Valid OAuth Redirect URIs to
https://your-domain.com/api/auth/facebook/callback - Copy App ID and App Secret
- Go to https://developer.twitter.com/
- Create a new project and app
- Set Callback URI to
https://your-domain.com/api/auth/twitter/callback - Copy API Key and API Secret Key
- Go to https://www.linkedin.com/developers/
- Create a new app
- Set Redirect URL to
https://your-domain.com/api/auth/linkedin/callback - Copy Client ID and Client Secret
How It Works
The plugin adds two collections:
social-auth-providers: Stores provider configurationssocial-auth-tokens: Stores user's social auth tokens
It adds API routes for OAuth callbacks:
/api/auth/github/callback/api/auth/google/callback/api/auth/facebook/callback/api/auth/twitter/callback/api/auth/linkedin/callback
When a user authenticates via a social provider:
- The plugin handles the OAuth flow
- Creates or finds a user in the
userscollection - Stores tokens in the
social-auth-tokenscollection - Returns a JWT for authentication
License
MIT
