BetterAuth social providers (GitHub, Google, Apple) were already wired on the server side at packages/auth/src/server.ts. Env vars GITHUB_CLIENT_ID/SECRET + GOOGLE_CLIENT_ID/SECRET already present in .env.example + .env.production.template. The SocialProviders component at apps/web/src/modules/auth/form/social-providers.tsx already renders the buttons.

The only missing piece was trimming the provider list — we had Apple in config/auth.ts but no plan to ship Apple for v0.1.0. Drop it.

Add docs/oauth-setup.md with step-by-step wiring for:
- GitHub OAuth app (Homepage + callback URLs)
- Google OAuth client (authorized origins + redirect URIs)
- Production env propagation
- Troubleshooting (redirect_uri_mismatch, invalid_client, etc)

User action required: create the GitHub OAuth app + add claudemesh.com redirect to the existing Google OAuth client in GCP project surfquant-490521, then populate the 4 env vars in production.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OAuth setup
claudemesh supports GitHub and Google sign-in via BetterAuth. Both providers are wired but inert until you supply credentials.
1. GitHub OAuth app
Create a new OAuth app at https://github.com/settings/developers → New OAuth App:
| Field | Value |
|---|---|
| Application name | claudemesh |
| Homepage URL | https://claudemesh.com |
| Authorization callback URL | https://claudemesh.com/api/auth/callback/github |
For local development, register a second OAuth app with http://localhost:3000/api/auth/callback/github as the callback, or add both callbacks to one app if GitHub allows (it does — callback URLs accept a newline-separated list).
Copy the Client ID and generate a Client Secret, then put them in apps/web/.env.local:
```
GITHUB_CLIENT_ID=Iv1.xxxxxxxxxxxxxxxx
GITHUB_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
2. Google OAuth client
Open https://console.cloud.google.com/apis/credentials and either reuse an existing OAuth 2.0 Client ID or create a new one (type: Web application).
Add authorized redirect URIs:
- https://claudemesh.com/api/auth/callback/google
- http://localhost:3000/api/auth/callback/google
Add authorized JavaScript origins:
- https://claudemesh.com
- http://localhost:3000
Copy the client ID and secret into apps/web/.env.local:
```
GOOGLE_CLIENT_ID=xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxxxxxxxxxxxxxxxxxxxxxxxxxx
```
Google changes may take 5 minutes to a few hours to propagate.
3. Production deployment
Mirror the same four variables into the production environment (.env.production on the VPS, or the Coolify secret store). No code changes needed — BetterAuth reads them at runtime.
4. Verifying the flow
- Start the dev server: `pnpm dev`
- Open http://localhost:3000/auth/login
- Click Continue with GitHub or Continue with Google
- You should land back on `/dashboard` with a new user row in the `user` table and a matching `account` row in `account`
Callback URL reference
BetterAuth auto-derives callback URLs from your base URL:
| Provider | Callback path |
|---|---|
| GitHub | /api/auth/callback/github |
| Google | /api/auth/callback/google |
Troubleshooting
- "redirect_uri_mismatch" — the callback URL registered with the provider does not exactly match what BetterAuth is sending. Check for `http` vs `https`, trailing slashes, port numbers.
- Provider button doesn't appear — check `apps/web/src/config/auth.ts` lists the provider in `providers.oAuth`.
- "invalid_client" — client ID or secret is wrong, or the OAuth app is disabled/suspended in the provider console.
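
To narrow down a "redirect_uri_mismatch", the following added example (not part of the claudemesh code base or of BetterAuth) compares a URI registered in a provider console with the callback derived from the base URL and reports which component differs. The function names and the idea of passing the base URL in by hand are assumptions made for this example; the callback paths come from the table above.

```javascript
// Callback paths are taken from the table above. Function names are
// hypothetical helpers for this example, not BetterAuth APIs.
const CALLBACK_PATHS = {
  github: "/api/auth/callback/github",
  google: "/api/auth/callback/google",
};

// Build the callback URL the app is expected to send for a provider,
// given the deployment's base URL (assumed to be passed in by the caller).
function expectedCallback(baseUrl, provider) {
  const path = CALLBACK_PATHS[provider];
  if (!path) throw new Error(`unknown provider: ${provider}`);
  return baseUrl.replace(/\/+$/, "") + path;
}

// Providers compare redirect URIs as exact strings. Return one entry per
// component that differs; an empty array means the strings are identical.
function diffRedirectUri(registered, expected) {
  if (registered === expected) return [];
  let r, e;
  try {
    r = new URL(registered);
    e = new URL(expected);
  } catch {
    return ["not an absolute URL"];
  }
  const problems = [];
  if (r.protocol !== e.protocol) problems.push(`scheme: registered ${r.protocol} sent ${e.protocol}`);
  if (r.hostname !== e.hostname) problems.push(`host: registered ${r.hostname} sent ${e.hostname}`);
  if (r.port !== e.port) problems.push(`port: registered ${r.port || "default"} sent ${e.port || "default"}`);
  if (r.pathname !== e.pathname) {
    const strip = (p) => p.replace(/\/+$/, "");
    problems.push(strip(r.pathname) === strip(e.pathname)
      ? "trailing slash differs"
      : `path: registered ${r.pathname} sent ${e.pathname}`);
  }
  if (r.search || r.hash) problems.push("registered URI has a query or fragment");
  if (problems.length === 0) problems.push("raw strings differ (case, explicit default port, or encoding)");
  return problems;
}

// Constructed sample: a registration with the wrong scheme and a trailing slash.
const sent = expectedCallback("https://claudemesh.com", "github");
console.log(diffRedirectUri("http://claudemesh.com/api/auth/callback/github/", sent));
```
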