Add & Update Social Sites into DB
Configure and manage OAuth2 provider registrations
Add & Update OAuth2 Providers
Configure and manage OAuth2 social login provider registrations in your system
This mutation is accessible only to users with ADMIN privileges
Mutation
Schema
addOAuth2Registration(
registrationId: String!
clientId: String
clientSecret: String
clientAuthenticationMethod: String
authorizationGrantType: String
redirectUriTemplate: String
scope: [String]
authorizationUri: String
tokenUri: String
userInfoUri: String
userNameAttributeName: String
jwkSetUri: String
clientName: String
): OAuth2RegistrationParameters
registrationIdRequiredString!clientId
Optional
Type: String
The client ID assigned to your application by the OAuth2 provider
clientSecret
Optional
Type: String
The client secret assigned to your application by the OAuth2 provider
clientAuthenticationMethod
Optional
Type: String
Method used to authenticate the client (commonly "BASIC" or "POST")
authorizationGrantType
Optional
Type: String
Type of grant used for authorization (typically "authorization_code")
redirectUriTemplate
Optional
Type: String
Template for the redirect URI (e.g., "{baseUrl}/oauth2/callback/{registrationId}")
scope
Optional
Type: [String]
List of permissions requested from the OAuth2 provider (e.g., ["openid", "profile", "email"])
authorizationUri
Optional
Type: String
URI for the authorization endpoint where users grant permissions
tokenUri
Optional
Type: String
URI for the token endpoint where authorization codes are exchanged
userInfoUri
Optional
Type: String
URI for the user info endpoint to retrieve user profile data
userNameAttributeName
Optional
Type: String
Attribute name in the user info response used as the username (e.g., "sub", "email")
jwkSetUri
Optional
Type: String
URI for the JSON Web Key Set to validate provider signatures
clientNameOptionalStringReturn Value
The mutation returns the newly created or updated
OAuth2Registration object
with all configuration details
Example
mutation {
addOAuth2Registration(
registrationId: "google"
clientId: "217015743019-arfgls5skjg3tehl67gf8sitbf0rq9k9.apps.googleusercontent.com"
clientSecret: "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"
clientAuthenticationMethod: "BASIC"
authorizationGrantType: "authorization_code"
redirectUriTemplate: "{baseUrl}/oauth2/callback/google"
scope: ["openid", "profile", "email"]
authorizationUri: "https://accounts.google.com/o/oauth2/v2/auth"
tokenUri: "https://www.googleapis.com/oauth2/v4/token"
userInfoUri: "https://www.googleapis.com/oauth2/v3/userinfo"
userNameAttributeName: "sub"
jwkSetUri: "https://www.googleapis.com/oauth2/v3/certs"
clientName: "Google"
) {
registrationId
clientId
clientSecret
clientAuthenticationMethod
authorizationGrantType
redirectUriTemplate
scope
authorizationUri
tokenUri
userInfoUri
userNameAttributeName
jwkSetUri
clientName
}
}Response Example
{
"data": {
"addOAuth2Registration": {
"registrationId": "google",
"clientId": "217015743019-arfgls5skjg3tehl67gf8sitbf0rq9k9.apps.googleusercontent.com",
"clientSecret": "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",
"clientAuthenticationMethod": "BASIC",
"authorizationGrantType": "authorization_code",
"redirectUriTemplate": "{baseUrl}/oauth2/callback/google",
"scope": ["openid", "profile", "email"],
"authorizationUri": "https://accounts.google.com/o/oauth2/v2/auth",
"tokenUri": "https://www.googleapis.com/oauth2/v4/token",
"userInfoUri": "https://www.googleapis.com/oauth2/v3/userinfo",
"userNameAttributeName": "sub",
"jwkSetUri": "https://www.googleapis.com/oauth2/v3/certs",
"clientName": "Google"
}
}
}Provider Examples
registrationId: "facebook"
authorizationUri: "https://www.facebook.com/v12.0/dialog/oauth"
tokenUri: "https://graph.facebook.com/v12.0/oauth/access_token"
userInfoUri: "https://graph.facebook.com/me?fields=id,name,email"
userNameAttributeName: "id"
scope: ["public_profile", "email"]GitHub
registrationId: "github"
authorizationUri: "https://github.com/login/oauth/authorize"
tokenUri: "https://github.com/login/oauth/access_token"
userInfoUri: "https://api.github.com/user"
userNameAttributeName: "id"
scope: ["read:user", "user:email"]Twitter / X
registrationId: "twitter"
authorizationUri: "https://twitter.com/i/oauth2/authorize"
tokenUri: "https://api.twitter.com/2/oauth2/token"
userInfoUri: "https://api.twitter.com/2/users/me"
userNameAttributeName: "id"
scope: ["tweet.read", "users.read"]Configuration Steps
Register your application with the OAuth2 provider's developer console
Get client ID and client secret from the provider
Set up authorized redirect URIs in the provider console
Use this mutation to add the provider configuration to your system
Verify the OAuth2 login flow works correctly with your configuration
Use Cases
Configure a new social login provider for your application
Modify existing provider settings like client secrets or scopes
Update client secrets during regular security rotations
Configure different credentials for dev, staging, and production
Store client secrets securely and never expose them in frontend code. Rotate credentials regularly and use environment-specific configurations for different deployment stages.