Skip to Content
Clerk logo

Clerk Docs

Ctrl + K
Go to clerkstage.dev

Social connections (OAuth)

Clerk makes it easy to add social connection capabilities to your application. Social connections are designed to simplify the sign-up and sign-in process for the end-user, resulting in higher conversion rates, a streamlined user data collection flow, and an overall better user experience.

An interactive builder for customizing your <SignIn /> component, which includes choosing identifiers and social login options.

Social connections provide better security than passwords and other long-lived knowledge-based secrets. With social connections, users gain frictionless access to your application by using their existing credentials from an OAuth provider (Google, Facebook, Twitter, etc.) without having to go through complicated registration flows.

When using social connections, the sign-up and sign-in flows are equivalent. If a user doesn't have an account and tries to sign in, an account will be made for them, and vice versa.

The easiest way to add social connections is by using Clerk's prebuilt components. If you prefer a more custom solution, check out how to build a completely custom social connection flow.

Before you start

Configuration

For development instances, Clerk uses pre-configured shared OAuth credentials and redirect URIs to make the development flow as smooth as possible. This means that you can enable any provider without additional configuration. In the Clerk Dashboard, go to User & Authentication > Social Connections(opens in a new tab) and toggle on the providers you want to use.

The Social Connections page in the Clerk Dashboard, which includes a list of social connection providers and a toggle to enable them.

For production instances, you will need to configure the provider with your OAuth credentials. Don't worry, Clerk provides dedicated guides on how to do this for each provider.

Configure additional OAuth scopes

For each provider, there is a set of pre-configured OAuth scopes that are absolutely necessary for authentication to work properly with Clerk. We call them base scopes.

On top of them, you can specify any additional scopes supported by the provider, by adding them to the "Scopes" field when configuring a custom profile.

The 'Scopes' section of a social connections' settings modal.

Request additional OAuth scopes after sign-up

With Clerk, you can request additional OAuth scopes even after a user has signed up.

For Clerk Components, this is handled automatically by Clerk. You only have to pass the additionalOAuthScopes prop in the <UserProfile/> component or the corresponding userProfileProp in the <UserButton /> component, with any additional OAuth scope you would like per provider.

OAuth Access Token Wallet

You can retrieve the OAuth access tokens of your users via the OAuth Access Token Wallet(opens in a new tab) endpoint that's available in the Clerk Backend API.

Using these tokens, you can query the respective OAuth providers for additional data of your users.

Clerk ensures that the OAuth Access Token will be always fresh so that you don't have to worry about OAuth Refresh Tokens anymore.

Add social connection after sign-up

For each OAuth provider, you can choose whether it will be available during sign-up and sign-in, or if the connection should be made later.

This is especially useful for applications that prefer to connect third-parties after the fact. For example, a Github connection can be made after sign-up if an application wants to read repository data.

After sign-up, connections can be made through our <UserProfile/> component, or with a custom flow(opens in a new tab).

The 'Google' social connection settings modal with a red box surrounding the 'Enable for sign-up and sign-in' section.

Connecting to OAuth providers while signed in

When signed in, a user can connect to further OAuth providers as well. There is no need to perform another sign-up.

When using Clerk's Account Portal pages, users can see which providers they have already connected to and which ones they can still connect to on their User Profile page.

The User Profile page in the Account Portal. There is a red arrow pointing to the 'Connect account' button in the 'Connected accounts' section.

If you are using Clerk's prebuilt components, you can use the <UserProfile/> component to allow users to connect to further OAuth providers.

What did you think of this content?

Clerk © 2024