NYYU Logo
APIOAuth2

Send Request for Social Login

Initiate OAuth2 authorization flow with social login providers

Send Request for Social Login

Construct authorization URLs to initiate social login flows with OAuth2 providers

Overview

To initiate a social login request, you construct an authorization URL that redirects users to the OAuth2 provider's authorization page. The URL includes your redirect URI where users will be sent after authorization.

URL Structure

🔗
Authorization URL Format
Template for constructing OAuth2 authorization requests
{API_BASE_URL}/oauth2/authorize/{provider}?redirect_uri={OAUTH2_REDIRECT_URI}
URL Components
API_BASE_URLYour API server base URL
providerOAuth2 provider identifier (e.g., google, facebook, github)
OAUTH2_REDIRECT_URIFrontend callback URL after authorization

Example URLs

Development Environment

🔧
Local Development
Example for localhost testing
http://localhost:8080/oauth2/authorize/google?redirect_uri=http://localhost:3000/oauth2/redirect
Configuration:
• API Base: http://localhost:8080
• Provider: google

Production Environment

🌐
Production Deployment
Example for production environment
https://api.yourdomain.com/oauth2/authorize/google?redirect_uri=https://app.yourdomain.com/oauth2/redirect
Configuration:
• Provider: google

Supported Providers

G
Google

OAuth2 provider identifier: google

/oauth2/authorize/google?redirect_uri=...
F
Facebook

OAuth2 provider identifier: facebook

/oauth2/authorize/facebook?redirect_uri=...
Gh
GitHub

OAuth2 provider identifier: github

/oauth2/authorize/github?redirect_uri=...
T
Twitter / X

OAuth2 provider identifier: twitter

/oauth2/authorize/twitter?redirect_uri=...

Implementation Steps

📋
Integration Workflow
Step-by-step implementation guide
1
Construct Authorization URL

Replace API_BASE_URL and OAUTH2_REDIRECT_URI with your actual values

2
Redirect User

When user clicks social login button, redirect them to the constructed URL

3
User Authorization

Provider displays authorization page where user grants permissions

4
Handle Redirect

Provider redirects to OAUTH2_REDIRECT_URI with authorization code or error

5
Complete Login

Backend exchanges authorization code for access token and completes login

Frontend Implementation

💻
JavaScript Example
Client-side integration
// Configuration
const API_BASE_URL = 'https://api.yourdomain.com';
const REDIRECT_URI = 'https://app.yourdomain.com/oauth2/redirect';

// Function to initiate social login
function loginWithGoogle() {
  const authUrl = `${API_BASE_URL}/oauth2/authorize/google?redirect_uri=${encodeURIComponent(REDIRECT_URI)}`;
  window.location.href = authUrl;
}

function loginWithFacebook() {
  const authUrl = `${API_BASE_URL}/oauth2/authorize/facebook?redirect_uri=${encodeURIComponent(REDIRECT_URI)}`;
  window.location.href = authUrl;
}

function loginWithGitHub() {
  const authUrl = `${API_BASE_URL}/oauth2/authorize/github?redirect_uri=${encodeURIComponent(REDIRECT_URI)}`;
  window.location.href = authUrl;
}

Redirect Handler

🔄
Handle Callback
Process OAuth2 redirect response
// At your redirect URI endpoint (e.g., /oauth2/redirect)
function handleOAuth2Callback() {
  const urlParams = new URLSearchParams(window.location.search);

  // Check for authorization code
  const code = urlParams.get('code');
  if (code) {
    // Success - authorization code received
    console.log('Authorization successful');
    // Send code to your backend for token exchange
    exchangeCodeForToken(code);
  }

  // Check for errors
  const error = urlParams.get('error');
  if (error) {
    console.error('Authorization failed:', error);
    const errorDescription = urlParams.get('error_description');
    // Handle error (show user message, redirect to login, etc.)
  }
}

function exchangeCodeForToken(code) {
  // Your backend handles the actual token exchange
  fetch('/api/auth/callback', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ code })
  })
  .then(response => response.json())
  .then(data => {
    // Handle successful authentication
    if (data.token) {
      // Store token and redirect to dashboard
      localStorage.setItem('authToken', data.token);
      window.location.href = '/dashboard';
    }
  })
  .catch(error => {
    console.error('Token exchange failed:', error);
  });
}

Security Considerations

🔒
Security Best Practices
Important security considerations
Use HTTPS in Production

Always use HTTPS for production URLs to prevent man-in-the-middle attacks

Validate Redirect URI

Ensure redirect URIs are registered with OAuth2 providers and match exactly

State Parameter

Consider adding a state parameter to prevent CSRF attacks

Handle Errors Gracefully

Always check for error parameters in the redirect response

Use Cases

🚀
Quick Registration

Allow users to register instantly using their existing social accounts

🔐
Secure Login

Enable secure authentication without managing passwords

👤
Profile Integration

Auto-fill user profiles with information from social accounts

🌐
Multi-Platform Access

Support login from multiple social platforms simultaneously

💡
Pro Tip
Always URL-encode the redirect URI parameter to ensure special characters are handled correctly. Test with multiple providers to ensure consistent behavior.

OAuth2 API Overview

Complete guide to OAuth2 social login configuration and authentication types

Add & Update Social Sites into DB

Configure and manage OAuth2 provider registrations

On this page

OverviewURL StructureExample URLsDevelopment EnvironmentProduction EnvironmentSupported ProvidersImplementation StepsFrontend ImplementationRedirect HandlerSecurity ConsiderationsUse Cases