OAuth provider setup

"Sign in with Google / GitHub" needs an OAuth app you own at the provider. You create it, copy a client id + secret into Flarelink's Auth → Providers panel, and paste one redirect URI back at the provider. The credentials live in your project's flarelink_config on your own D1 — Flarelink stores zero OAuth secrets.

Google

1. Go to the Google Cloud Console → APIs & Services → Credentials. Create or pick a project.
2. Configure the OAuth consent screen first if prompted (External, app name, support email). Add your email as a test user while in testing.
3. Click Create Credentials → OAuth client ID → application type Web application.
4. Under Authorized redirect URIs, add https://<your-auth-host>/api/auth/callback/google (copy it from Flarelink's Providers panel).
5. Create it, then copy the Client ID and Client secret into Flarelink's Auth → Providers → Google and save.

Test it: flarelink.auth.signInWithSocial("google") should bounce through Google and back, signed in. A redirect_uri_mismatch from Google means the URI doesn't match exactly — check scheme, host, and the /api/auth/callback/google path character-for-character.

GitHub

1. Go to GitHub → Settings → Developer settings → OAuth Apps → New OAuth App. (For an org, use the org's Developer settings.)
2. Homepage URL: your app's URL. Authorization callback URL: https://<your-auth-host>/api/auth/callback/github.
3. Register the app, then Generate a new client secret.
4. Copy the Client ID and Client secret into Flarelink's Auth → Providers → GitHub and save.

GitHub OAuth Apps allow exactly one callback URL. If you run separate dev and prod auth hosts, create one OAuth App per environment (or use a custom domain in both and a GitHub App if you need multiple callbacks).

After setup

• Call it from your app: flarelink.auth.signInWithSocial("google" | "github") — see Auth.
• Attaching a custom domain changes <your-auth-host> — update each provider's redirect URI (Flarelink reminds you and re-lists them).