{"id":13394514,"url":"https://github.com/lipp/login-with","last_synced_at":"2025-05-15T01:06:28.222Z","repository":{"id":16699746,"uuid":"78092926","full_name":"lipp/login-with","owner":"lipp","description":"Stateless login-with microservice for OAuth","archived":false,"fork":false,"pushed_at":"2022-12-30T16:38:38.000Z","size":786,"stargazers_count":2329,"open_issues_count":39,"forks_count":143,"subscribers_count":39,"default_branch":"master","last_synced_at":"2025-04-13T22:39:28.687Z","etag":null,"topics":["docker","facebook","google","jwt","linkedin","login","microservice","now","oauth","passport","reddit","twitter"],"latest_commit_sha":null,"homepage":"https://login-with.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lipp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-05T08:07:21.000Z","updated_at":"2025-04-03T11:20:01.000Z","dependencies_parsed_at":"2023-01-11T20:25:16.049Z","dependency_job_id":null,"html_url":"https://github.com/lipp/login-with","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lipp%2Flogin-with","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lipp%2Flogin-with/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lipp%2Flogin-with/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lipp%2Flogin-with/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lipp","download_url":"https://codeload.github.com/lipp/login-with/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254254041,"owners_count":22039792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","facebook","google","jwt","linkedin","login","microservice","now","oauth","passport","reddit","twitter"],"created_at":"2024-07-30T17:01:22.229Z","updated_at":"2025-05-15T01:06:24.977Z","avatar_url":"https://github.com/lipp.png","language":"JavaScript","readme":"[![Build Status](https://travis-ci.org/lipp/login-with.svg?branch=master)](https://travis-ci.org/lipp/login-with)\n[![Coverage Status](https://coveralls.io/repos/github/lipp/login-with/badge.svg?branch=master)](https://coveralls.io/github/lipp/login-with?branch=master)\n\n# About\n\nStateless authentication microservice for \"login-with\" functionality, supporting:\n\n- Twitter\n- GitHub\n- Reddit\n- Facebook\n- Google\n- LinkedIn\n- Instagram\n- Mixer\n- Spotify\n- Strava\n- AppleID\n- ... more to come (PRs welcome)\n\nYou can deploy with [`now`](https://zeit.co/now) or [`Docker`](https://www.docker.com/) (for mandatory and optional env variables see below).\n\n```sh\n$ now lipp/login-with\n$ docker run lipp/login-with\n```\n\nThis microservice must run in a subdomain of yours, e.g. `login.yourdomain.com`.\n\n```html\n\u003ca href='https://login.yourdomain.com/twitter?success=ON_SUCCESS_URL\u0026failure=ON_FAILURE_URL'\u003e\n  Login with Twitter\n\u003c/a\u003e\n```\n\nOn successful login two cookies will be created:\n\n- `jwt` - A \"JSON Web Token\" (JWT) containing profile information and the respective access tokens (Twitter/etc). http-only!\n- `profile` - A JSON string which containing non-sensitive information (accessible from browser JS):\n  - `username` - string / mandatory, the account specific user alias (e.g. Twitter name)\n  - `photo` - string / optional, the account specific user image link\n  - `name` - string / optional, the \"real\" name\n\nThe cookies will be available for your toplevel domain and all subdomains. In addition, the cookie's `secure` flag is set, which means\nthat your other websites/webservices must run over `https`.\n\n# Supported by\n\nIf you want to easily add token-based authentication to your apps, feel free to check out Auth0's SDKs and free plan at [auth0.com/overview](https://auth0.com/overview?utm_source=GHsponsor\u0026utm_medium=GHsponsor\u0026utm_campaign=login-with\u0026utm_content=auth) \u003cimg src=\"https://cdn.auth0.com/styleguide/components/1.0.8/media/logos/img/badge.svg\" alt=\"Auth0 logo\" width=\"20\" /\u003e.\n\n# Setup\n\nThe configuration is done by means of environment variables.\n\n## Mandatory environment variables\n\n- `LW_SESSION_SECRET` - The session secret used by the microservice\n- `LW_JWT_SECRET` - The secret to sign the JSON Web Token (JWT)\n- `LW_SUBDOMAIN` - The subdomain this microservice runs, e.g. `login.yourdomain.com`.\n  All other subdomains (e.g. `api.yourdomain.com`) and the top-level (e.g. `yourdomain.com`)\n\n## Optional environment variables\n\n- `LW_COOKIE_MAXAGE` - The max age of the store cookie, defaults to 10 days\n- `LW_PROFILE_COOKIENAME` - The profile's cookie name, defaults to `profile`\n- `LW_JWT_COOKIENAME` - The JSON Web Token's (JWT) cookie name, defaults to `jwt`\n- `LW_DYNAMIC_SCOPE` - When set allows you to customize the scopes used in an authentication request, defaults to off\n- `LW_COOKIE_DOMAIN` - The explicit cookie domain, e.g. `.foo.com`. If not specified this will derive from `LW_SUBDOMAIN`, e.g. if `LW_SUBDOMAIN=login.foo.com` then the cookie domain \"defaults\" to `.foo.com`. This is ok unless you have multi level subdomain for (`LW_SUBDOMAIN=dev.login.foo.com`).\nIn this case you must explicitly set `LW_COOKIE_DOMAIN=.foo.com` as `.login.foo.com` would be the auto guessed value.\n\n## GitHub specific environment variables\n\nYou need to create your own GitHub OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/github/callback`\n\n- `LW_GITHUB_CLIENTID` - Your GitHub Client ID\n- `LW_GITHUB_CLIENTSECRET` - Your GitHub Client Secret\n\n## Google specific environment variables\n\nYou need to create your own Google OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/google/callback`\n\n- `LW_GOOGLE_CLIENTID` - Your Google Client ID\n- `LW_GOOGLE_CLIENTSECRET` - Your Google Client Secret\n\n## Facebook specific environment variables\n\nYou need to create your own Facebook login application. If `LW_SUBDOMAIN=login.yourdomain.com` your allowed redirects\nmust be: `https://login.yourdomain.com/facebook/callback`\n\n- `LW_FACEBOOK_APPID` - Your Facebook App ID\n- `LW_FACEBOOK_APPSECRET` - Your Facebook App Secret\n\n## LinkedIn specific environment variables\n\nYou need to create your own LinkedIn OAuth2 application. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/linkedin/callback`\n\n- `LW_LINKEDIN_CLIENTID` - Your LinkedIn Client ID\n- `LW_LINKEDIN_CLIENTSECRET` - Your LinkedIn Client Secret\n\n## Reddit specific environment variables\n\nYou need to create your own Reddit OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/reddit/callback`\n\n- `LW_REDDIT_CLIENTID` - Your Reddit Client ID\n- `LW_REDDIT_CLIENTSECRET` - Your Reddit Client Secret\n\n## Twitter specific environment variables\n\nYou need to create your own Twitter OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/twitter/callback`\n\n- `LW_TWITTER_CONSUMERKEY` - Your Twitter Consumer Key\n- `LW_TWITTER_CONSUMERSECRET` - Your Twitter Consumer Secret\n\n## Mixer specific environment variables\n\nYou need to create your own Mixer OAuth Client. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/mixer/callback`\n\n- `LW_MIXER_CLIENTID` - Your Mixer Client ID\n- `LW_MIXER_CLIENTSECRET` - Your Mixer Client Secret\n- `LW_MIXER_SCOPE` - Specify which scopes the authorization request with Mixer should have. Check [Mixer's documentation](https://dev.mixer.com/reference/oauth/index.html#oauth_scopes) for scopes.\n\n## Instagram specific environment variables\n\nYou need to create your own Instagram OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/instagram/callback`\n\n- `LW_INSTAGRAM_CLIENTID` - Your Instagram Client ID\n- `LW_INSTAGRAM_CLIENTSECRET` - Your Instagram Client Secret\n\n## Spotify specific environment variables\n\nYou need to create your own Spotify OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com` is your Authorization callback URL\nmust be: `https://login.yourdomain.com/spotify/callback`\n\n- `LW_SPOTIFY_CLIENTID` - Your Spotify Client ID\n- `LW_SPOTIFY_CLIENTSECRET` - Your Spotify Client Secret\n\n## Strava specific environment variables\n\nYou need to create your own Strava OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com` your Authorization callback URL\nmust be: `https://login.yourdomain.com/strava/callback`\n\n- `LW_STRAVA_CLIENTID` - Your Strava Client ID\n- `LW_STRAVA_CLIENTSECRET` - Your Strava Client Secret\n\n## AppleID specific environment variables\nYou need to be [Apple Developer](https://developer.apple.com/programs/enroll/):\n\n- `LW_APPLE_TEAMID` - Team ID at your [membership page](https://developer.apple.com/account/#membership)\n- `LW_APPLE_KEYID` -  register [new key](https://developer.apple.com/account/resources/authkeys). Add \"Sign in with Apple\" capability, download key. **it downloads only once**\n- `LW_APPLE_KEYLOCATION` - path to key file relative to your server\n- `LW_APPLE_SERVICEID` -  register [Services ID](https://developer.apple.com/account/resources/identifiers/list/serviceId)\n- `LW_APPLE_CALLBACK` - enable \"Sign in with Apple\" capability in service you created, configure your callback url (should be like: https://yourwebsite.com/apple/callback)\n\u003c!-- You probably need to verify ownership of a domain. Just [google](https://www.google.com/search?q=apple-developer-domain-association.txt) --\u003e\n\n# Endpoints\n\n- `/twitter` - login with Twitter account (if configured through env variables)\n- `/facebook` - login with Facebook account (if configured through env variables)\n- `/github` - login with GitHub account (if configured through env variables)\n- `/google` - login with Google account (if configured through env variables)\n- `/reddit` - login with Reddit account (if configured through env variables)\n- `/mixer` - login with Mixer account (if configured through env variables)\n- `/linkedin` - login with LinkedIn account (if configured through env variables)\n- `/instagram` - login with Instagram account (if configured through env variables)\n- `/spotify` - login with Spotify account (if configured through env variables)\n- `/strava` - login with Strava account (if configured through env variables)\n- `/apple` - login with AppleID (if configured through env variables)\n- `/logout` - logout and clears the respective cookies\n\nAll endpoints expect the query parameters:\n- `success` A url to redirect to in case of successful login (use `encodeURIComponent` for proper escaping)\n- `failure` A url to redirect to in case of failed login (use `encodeURIComponent` for proper escaping)\n\nDon't forget to `encodeURIComponent` on them.\n\n# Testing\n\nSay you deployed your `login-with` container with:\n- correct environment variables\n- properly configured services (e.g. Twitter callback)\n- served via https on `auth.your-domain.com`\n\nThen you can test everything by just \"visiting\" your login strategy with the browser, e.g. `https://auth.your-domain.com/twitter`.\nIn case of success, you will be finally redirected and see the contents of your profile as JSON.\nIn case of error, the error will be shown as JSON.\n\n# Example\n\nVisit [login-with.com](https://login-with.com). The source code is [here](https://github.com/lipp/login-with/tree/master/example/nextjs).\n\n# Deployment with now\n\nNote: **You need a custom domain** to run this microservice with now. Chrome (and maybe other browsers) explicitly prevent\nusage of wildcard cookies on .now.sh, which are required for this microservice to work.\n\n1. Create your secrets for the environment variables\n2. Deploy, e.g. with [now](https://zeit.co/now)\n```sh\nnow lipp/login-with \\\n\t-e NODE_ENV=production \\\n\t-e LW_SUBDOMAIN=login.yourdomain.com \\\n\t-e LW_SESSION_SECRET=@lw-session-secret \\\n\t-e LW_JWT_SECRET=@lw-token-secret \\\n\t-e LW_REDDIT_CLIENTID=@lw-reddit-clientid \\\n\t-e LW_REDDIT_CLIENTSECRET=@lw-reddit-clientsecret \\\n\t-e LW_GITHUB_CLIENTID=@lw-github-clientid \\\n\t-e LW_GITHUB_CLIENTSECRET=@lw-github-clientsecret \\\n\t-e LW_TWITTER_CONSUMERKEY=@lw-twitter-consumerkey \\\n\t-e LW_TWITTER_CONSUMERSECRET=@lw-twitter-consumersecret \\\n\t-e LW_INSTAGRAM_CLIENTID=@lw-instagram-clientid \\\n\t-e LW_INSTAGRAM_CLIENTSECRET=@lw-instagram-clientsecret \\\n\t--alias login.yourdomain.com\n```\n\n# Deployment with Docker\n\n1. Create your secrets for the environment variables\n2. Deploy, e.g. with Docker\n```sh\ndocker run lipp/login-with -p 80:3000 \\\n\t-e NODE_ENV=production \\\n\t-e LW_SUBDOMAIN=login.yourdomain.com \\\n\t-e LW_SESSION_SECRET=@lw-session-secret \\\n\t-e LW_JWT_SECRET=@lw-token-secret \\\n\t-e LW_REDDIT_CLIENTID=@lw-reddit-clientid \\\n\t-e LW_REDDIT_CLIENTSECRET=@lw-reddit-clientsecret \\\n\t-e LW_GITHUB_CLIENTID=@lw-github-clientid \\\n\t-e LW_GITHUB_CLIENTSECRET=@lw-github-clientsecret \\\n\t-e LW_TWITTER_CONSUMERKEY=@lw-twitter-consumerkey \\\n\t-e LW_TWITTER_CONSUMERSECRET=@lw-twitter-consumersecret \\\n\t-e LW_INSTAGRAM_CLIENTID=@lw-instagram-clientid \\\n\t-e LW_INSTAGRAM_CLIENTSECRET=@lw-instagram-clientsecret \\\n```\n","funding_links":[],"categories":["JavaScript","*.js","passport","twitter","Capabilities"],"sub_categories":["Node","Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flipp%2Flogin-with","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flipp%2Flogin-with","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flipp%2Flogin-with/lists"}