ForjioHuudisIdentityPlugipayPaymentsStorlaunchE-commerceFulkrumaFulfilmentRiplloMarketingLinkSnapShort URLsPawpadoGPU streamingCatentioAgent runtime
Huudis Docs
⌘K

Social providers

Huudis can delegate authentication to Google, Apple, and Facebook. When configured, a "Sign in with X" button appears on the sign-in and sign-up screens. The user authenticates on the provider's site; Huudis links the resulting identity to a usr_….

This page covers how to enable each provider on a workspace.

How it works

Whichever provider you wire, the wire flow is:

  1. User clicks Continue with Google (or Apple/Facebook) on the Huudis sign-in screen.
  2. Huudis redirects the user to the provider's OAuth endpoint with the workspace's configured client credentials.
  3. User authenticates on the provider's domain.
  4. Provider redirects back to huudis.com/api/v1/auth/<provider>/callback?code=….
  5. Huudis exchanges the code for the provider's tokens, fetches the user's email, and either:
    • Links the identity to an existing usr_… if the email matches an existing Huudis user, or
    • Creates a new usr_… with the email + provider identity attached.
  6. Huudis issues a session cookie and continues with the upstream OIDC flow back to your app.

Users who signed up via a social provider don't have a Huudis password until they explicitly set one in Settings → Security. The Forgot password flow shows them this hint if they try to reset a non-existent password.

Configuring Google

  1. In the Google Cloud Console, create an OAuth 2.0 client of type "Web application".
  2. Add https://huudis.com/api/v1/auth/google/callback as an authorized redirect URI.
  3. Copy the Client ID and Client secret.
  4. In Huudis, go to Dashboard → Identity providers → Google → Configure.
  5. Paste the Client ID and Client secret. Toggle the provider enabled.

A "Continue with Google" button now appears on every sign-in screen for OIDC clients in this workspace.

The Google OAuth consent screen also needs to be configured with the scopes email, profile, and openid. For development, "External" consent screens in "Testing" mode work fine; for production traffic, you'll need to publish the consent screen (Google review takes 1-2 weeks).

Configuring Apple

Apple's Sign in with Apple is more bureaucratic — it requires an Apple Developer account ($99/year) and a few one-time setup steps.

  1. In the Apple Developer portal, create a new App ID with "Sign in with Apple" enabled.
  2. Create a new Services ID with "Sign in with Apple" enabled and configured. Add https://huudis.com/api/v1/auth/apple/callback as a return URL.
  3. Create a new Key with "Sign in with Apple" capability. Download the .p8 file — Apple only lets you download it once.
  4. Note the Team ID, Services ID, Key ID, and the .p8 contents.
  5. In Huudis, go to Dashboard → Identity providers → Apple → Configure.
  6. Paste all four values. Toggle the provider enabled.

Apple sends the user's email exactly once — on first sign-in. If you lose that email (e.g., a bug in your callback handler), Apple won't resend it on subsequent signs-in. Huudis stores it on first contact, so you don't need to worry about this if you're using Huudis as your IdP.

Configuring Facebook

  1. In the Meta for Developers console, create a new App of type "Consumer".
  2. Enable the Facebook Login product.
  3. Under Facebook Login → Settings, add https://huudis.com/api/v1/auth/facebook/callback as a valid OAuth redirect URI.
  4. Copy the App ID and App secret from Settings → Basic.
  5. In Huudis, go to Dashboard → Identity providers → Facebook → Configure.
  6. Paste the App ID and App secret. Toggle the provider enabled.

To use Facebook Login in production (i.e., for users outside your test users list), the app needs to be set to Live mode and to have completed Meta's app review for the email permission.

Account linking

If a user signs in with Google using alice@example.com, and a Huudis user already exists with that email, Huudis links the Google identity to the existing user. The user can now sign in with either method.

If the emails differ between providers (e.g., the user's Google email is alice@example.com but their Apple-relay email is alice-xxx@privaterelay.appleid.com), they're treated as two separate Huudis users. The user can manually link them from Settings → Security → Linked accounts, which requires proving control of both.

Disabling a provider

Toggle the provider disabled in Dashboard → Identity providers. Users who previously signed in with that provider can still sign in — Huudis doesn't unlink existing identities. If you want to revoke a specific user's social link, do it from End users → [user] → Linked accounts.

Next