Plainform

Learn how to add OAuth authentication providers to your Plainform application for one-click sign-in.

Goal

By the end of this recipe, you'll have added OAuth providers (Google, GitHub, Microsoft, etc.) to your sign-in and sign-up pages.

Prerequisites

A working Plainform installation
Clerk account with application configured
Access to Clerk Dashboard

Plainform's custom sign-in/sign-up forms already include OAuth button components. You just need to enable providers in Clerk Dashboard.

Steps

Enable OAuth Provider in Clerk

Navigate to your Clerk Dashboard:

Go to User & Authentication → Social Connections
Find the provider you want to enable (Google, GitHub, Microsoft, etc.)
Toggle the provider ON
Click Save

Start with Google and GitHub as they're the most commonly used and easiest to set up.

Configure Provider Credentials

Each OAuth provider requires credentials (Client ID and Secret). Clerk provides two options:

Option 1: Use Clerk's Development Credentials (Recommended for Testing)

Clerk provides pre-configured credentials for development. No additional setup needed.

Option 2: Use Your Own Credentials (Required for Production)

Click Use custom credentials for your provider
Follow the provider-specific setup guide:
- Google: Create OAuth app in Google Cloud Console
- GitHub: Create OAuth app in GitHub Settings
- Microsoft: Create app in Azure Portal
Copy the Client ID and Client Secret
Paste them into Clerk Dashboard
Add the Redirect URI from Clerk to your OAuth app settings

For production, you MUST use your own OAuth credentials. Clerk's development credentials are rate-limited and not suitable for live apps.

The SignInForm component already includes OAuth buttons. Verify they're present:

components/user/SignInForm.tsx

import { OAuthConnection } from '@/components/user/OAuthConnection';

export function SignInForm() {
  return (
    <div>
      {/* Email/password form */}
      
      <div className="relative my-6">
        <div className="absolute inset-0 flex items-center">
          <span className="w-full border-t" />
        </div>
        <div className="relative flex justify-center text-xs uppercase">
          <span className="bg-background px-2 text-muted-foreground">
            Or continue with
          </span>
        </div>
      </div>

      {/* OAuth buttons */}
      <div className="grid grid-cols-2 gap-4">
        <OAuthConnection strategy="oauth_google" icon="Google">
          Google
        </OAuthConnection>
        <OAuthConnection strategy="oauth_github" icon="Github">
          GitHub
        </OAuthConnection>
      </div>
    </div>
  );
}

If the buttons aren't present, add them using the code above.

Similarly, verify OAuth buttons are in the SignUpForm:

components/user/SignUpForm.tsx

import { OAuthConnection } from '@/components/user/OAuthConnection';

export function SignUpForm() {
  return (
    <div>
      {/* OAuth buttons at the top */}
      <div className="grid grid-cols-2 gap-4 mb-6">
        <OAuthConnection strategy="oauth_google" icon="Google">
          Google
        </OAuthConnection>
        <OAuthConnection strategy="oauth_github" icon="Github">
          GitHub
        </OAuthConnection>
      </div>

      <div className="relative my-6">
        <div className="absolute inset-0 flex items-center">
          <span className="w-full border-t" />
        </div>
        <div className="relative flex justify-center text-xs uppercase">
          <span className="bg-background px-2 text-muted-foreground">
            Or sign up with email
          </span>
        </div>
      </div>

      {/* Email/password form */}
    </div>
  );
}

Test OAuth Flow

Start your development server:

npm run dev

Test the OAuth flow:

Navigate to http://localhost:3000/sign-in
Click an OAuth provider button (e.g., "Google")
Complete the OAuth flow in the popup
You should be redirected back to your app and signed in
Check Clerk Dashboard → Users to see the new OAuth user

In development, Clerk uses test mode. OAuth flows work the same as production but use Clerk's development credentials.

Available OAuth Providers

Clerk supports the following OAuth providers. Enable them in Clerk Dashboard → Social Connections:

oauth_google - Google
oauth_github - GitHub
oauth_microsoft - Microsoft
oauth_apple - Apple
oauth_facebook - Facebook
oauth_linkedin - LinkedIn
oauth_twitter - Twitter (X)
oauth_discord - Discord
oauth_twitch - Twitch
oauth_gitlab - GitLab
oauth_bitbucket - Bitbucket

To add a provider:

Enable it in Clerk Dashboard → Social Connections
Add the OAuth button to your sign-in/sign-up forms:

<OAuthConnection strategy="oauth_microsoft" icon="Microsoft">
  Microsoft
</OAuthConnection>

To add custom provider icons, see the SVG Finder component documentation.

Customization Options

Change Button Layout

Display OAuth buttons in a single column:

Single column layout

<div className="space-y-3">
  <OAuthConnection strategy="oauth_google" icon="Google">
    Continue with Google
  </OAuthConnection>
  <OAuthConnection strategy="oauth_github" icon="Github">
    Continue with GitHub
  </OAuthConnection>
</div>

OAuth Callback Handling

Plainform includes an OAuth callback page at app/(auth)/sso-callback/page.tsx:

app/(auth)/sso-callback/page.tsx

'use client';

import { AuthenticateWithRedirectCallback } from '@clerk/nextjs';

export default function SSOCallback() {
  return <AuthenticateWithRedirectCallback />;
}

This page handles the OAuth redirect and completes the authentication flow. No changes needed unless you want to customize the loading state.

Common Issues

OAuth Button Not Working

Verify the provider is enabled in Clerk Dashboard
Check that the strategy name matches exactly (e.g., oauth_google)
Ensure OAuthConnection component is imported correctly
Check browser console for errors

Ensure popups are allowed in browser settings
Test in incognito mode to rule out extensions
Check that redirect URLs are configured correctly in Clerk

User Not Created After OAuth

Verify email verification settings in Clerk Dashboard
Check that the OAuth provider returns an email address
Review Clerk Dashboard → Users for pending verifications

Redirect Loop After OAuth

Check middleware configuration in proxy.ts
Verify redirect URLs in Clerk Dashboard match your app URLs
Ensure sso-callback route is accessible (not protected)

Production Setup

When deploying to production:

Use Your Own OAuth Credentials
- Create OAuth apps for each provider
- Add production redirect URLs
- Update credentials in Clerk Dashboard
Configure Redirect URLs
- Add your production domain to OAuth app settings
- Update Clerk Dashboard with production URLs
- Format: https://yourdomain.com/sso-callback
Test OAuth Flow
- Test each provider in production
- Verify redirects work correctly
- Check that users are created in Clerk Dashboard

OAuth providers require HTTPS in production. Ensure your domain has a valid SSL certificate.

Best Practices

Offer Multiple Providers: Give users choice (Google, GitHub, Microsoft)
Clear Labeling: Use "Continue with [Provider]" for clarity
Consistent Placement: Put OAuth buttons in the same location on sign-in and sign-up
Error Handling: Show clear error messages if OAuth fails
Privacy Policy: Link to your privacy policy near OAuth buttons

Next Steps

Customize Sign-In - Customize the sign-in page
Implement Roles - Add role-based access control
Protect Routes - Secure your application routes

Authentication Overview - Learn about Clerk integration
Setup & Configuration - Configure Clerk
Troubleshooting - Fix common issues

Add OAuth