alezmad/claudemesh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2557235c6866ae5fad599cd9cd979468520c881f
claudemesh/docs/oauth-setup.md
Alejandro Gutiérrez cdb5a75f78
Some checks failed
CI / Tests / 🧪 Test (push) Has been cancelled
Details
feat(auth): enable GitHub + Google OAuth for v0.1.0 public launch 
BetterAuth social providers (GitHub, Google, Apple) were already wired
on the server side at packages/auth/src/server.ts. Env vars
GITHUB_CLIENT_ID/SECRET + GOOGLE_CLIENT_ID/SECRET already present in
.env.example + .env.production.template. The SocialProviders component
at apps/web/src/modules/auth/form/social-providers.tsx already renders
the buttons.

The only missing piece was trimming the provider list — we had Apple in
config/auth.ts but no plan to ship Apple for v0.1.0. Drop it.

Add docs/oauth-setup.md with step-by-step wiring for:
- GitHub OAuth app (Homepage + callback URLs)
- Google OAuth client (authorized origins + redirect URIs)
- Production env propagation
- Troubleshooting (redirect_uri_mismatch, invalid_client, etc)

User action required: create the GitHub OAuth app + add claudemesh.com
redirect to the existing Google OAuth client in GCP project
surfquant-490521, then populate the 4 env vars in production.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 22:59:38 +01:00

72 lines
2.7 KiB
Markdown
Raw Blame History

# OAuth setup
claudemesh supports GitHub and Google sign-in via BetterAuth. Both providers are wired but inert until you supply credentials.
## 1. GitHub OAuth app
Create a new OAuth app at <https://github.com/settings/developers> → **New OAuth App**:
| Field | Value |
|---|---|
| Application name | claudemesh |
| Homepage URL | `https://claudemesh.com` |
| Authorization callback URL | `https://claudemesh.com/api/auth/callback/github` |
For local development, register a **second** OAuth app with `http://localhost:3000/api/auth/callback/github` as the callback, or add both callbacks to one app if GitHub allows (it does — callback URLs accept a newline-separated list).
Copy the **Client ID** and generate a **Client Secret**, then put them in `apps/web/.env.local`:
```env
GITHUB_CLIENT_ID=Iv1.xxxxxxxxxxxxxxxx
GITHUB_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
## 2. Google OAuth client
Open <https://console.cloud.google.com/apis/credentials> and either reuse an existing OAuth 2.0 Client ID or create a new one (type: **Web application**).
Add authorized redirect URIs:
- `https://claudemesh.com/api/auth/callback/google`
- `http://localhost:3000/api/auth/callback/google`
Add authorized JavaScript origins:
- `https://claudemesh.com`
- `http://localhost:3000`
Copy the client ID and secret into `apps/web/.env.local`:
```env
GOOGLE_CLIENT_ID=xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxxxxxxxxxxxxxxxxxxxxxxxxxx
```
> Google changes may take 5 minutes to a few hours to propagate.
## 3. Production deployment
Mirror the same four variables into the production environment (`.env.production` on the VPS, or the Coolify secret store). No code changes needed — BetterAuth reads them at runtime.
## 4. Verifying the flow
1. Start the dev server: `pnpm dev`
2. Open <http://localhost:3000/auth/login>
3. Click **Continue with GitHub** or **Continue with Google**
4. You should land back on `/dashboard` with a new user row in the `user` table and a matching `account` row in `account`
## Callback URL reference
BetterAuth auto-derives callback URLs from your base URL:
| Provider | Callback path |
|---|---|
| GitHub | `/api/auth/callback/github` |
| Google | `/api/auth/callback/google` |
## Troubleshooting
- **"redirect_uri_mismatch"** — the callback URL registered with the provider does not exactly match what BetterAuth is sending. Check for `http` vs `https`, trailing slashes, port numbers.
- **Provider button doesn't appear** — check `apps/web/src/config/auth.ts` lists the provider in `providers.oAuth`.
- **"invalid_client"** — client ID or secret is wrong, or the OAuth app is disabled/suspended in the provider console.
Reference in New Issue View Git Blame Copy Permalink