Custom Login

Configure additional social login providers for your login box via OAuth

🚧

Feature Support

Custom social login is currently available via API.

Frontegg supports login box authentication via multiple Social Login Providers. For added flexibility, we offer you the ability to configure whichever social login provider you wish via OAuth. That way, you are not limited to using only the social providers we offer 'out of the box', but can fully tailor the experience to your requirements.

Configuring a Social Provider via OAuth

To add a custom social login provider to your login box, do the following:

Step 1: Authenticate your environment

To configure a custom social provider, you need to authenticate your environment using the credentials fetched from Environments ➜ [NAME OF ENVIRONMENT] ➜ Settings ➜ General Settings.

Step 2: Create your custom OAuth provider

Go to the documentation of the social provider you want to add and fetch their relevant authorization endpoints. Invoke a POST request with the following payload along with your vendor token:

curl --location --request POST 'https://api.frontegg.com/frontegg/identity/resources/sso/custom/v1' \
--header 'Authorization: Bearer [token-from-vendor-authentication]' \
--header 'Content-Type: application/json' \
--data-raw '{
            "type": "custom",
            "clientId": "xxxxxxx",
            "secret":"xxxxxxx",
            "authorizationUrl": "xxxxxxx",
            "userInfoUrl": "xxxxxxx",
            "scopes": "openid email profile",
            "displayName": "custom",
            "active": true,
            "redirectUrl": "https://[your-frontegg-subdomain].frontegg.com/oauth/account/social/success",
            "redirectUrlPattern": "https://[your-frontegg-subdomain].frontegg.com/oauth/account/social/success",
            "tokenUrl": "xxxxxxx",
            "ssoLogoUrl": "your-provider-logo-url"
        }'

Clarification regarding redirectUrl and redirectUrlPatterns

If you use the Hosted login method, the redirectUrl and redirectUrlPatterns should be in the following format: https://[your-frontegg-domain].frontegg.com/oauth/account/social/success. For a custom domain, use: https://[custom-domain].frontegg.com/oauth/account/social/success.

For the Embedded Login method, the redirectUrl and redirectUrlPatterns should be [your-application-url]/account/social/success, for example: http://localhost:3000/account/social/success.

🚧

Redirect URLs

After setting your redirect URL, make sure to add it to your list of authorized callback URLs within your IDP settings.

Updating a custom OAuth provider

To update your custom OAuth provider, send the following POST request. Note that all attributes are optional except for the secret key (mandatory).

curl --location --request PATCH 'https://api.frontegg.com/frontegg/identity/resources/sso/custom/v1/:{id}' \
--header 'Authorization: Bearer [token-from-vendor-authentication]' \
--header 'Content-Type: application/json' \
--data-raw '{
            "secret":"xxxxxxx"
        }'
        

Deleting a custom OAuth Provider

To Delete a custom OAuth Provider, use:

curl --location --request DELETE 'https://api.frontegg.com/frontegg/identity/resources/sso/custom/v1/:{id}' \
--header 'Authorization: Bearer [token-from-vendor-authentication]' \
--header 'Content-Type: application/json' \
--data-raw ''