メインコンテンツにスキップ

概要

Casdoor can use external OAuth applications as sign-in methods. After adding a provider, its icon appears on the login and sign-up pages. Supported OAuth providers:

プロバイダーロゴプロバイダーロゴプロバイダーロゴプロバイダーロゴ
ADFSAlipayAmazonApple
Auth0Azure ADAzure AD B2CBaidu
BilibiliBitbucketBoxCasdoor
Cloud FoundryDailymotionDeezerDigitalOcean
DingTalkDiscordTiktokDropbox
Eve OnlineFacebookFitbitGitea
GiteeGitHubGitLabGoogle
HerokuInfluxCloudInfoflowInstagram
IntercomKakaoLarkLastfm
LineLinkedInMailruMeetup
MicrosoftNaverNextcloudOkta
OneDriveOuraPatreonPayPal
QQSalesforceShopifySlack
SoundCloudSpotifySteamStrava
StripeTelegramTikTokTumblr
TwitchTwitterTypetalkUber
VKWeChatWeComWeibo
WePayXeroYahooYammer
YandexZoomEmailSMS
Battle.net

Registering with a third-party OAuth service

You need a redirect URL (your app’s URL after login, e.g. https://forum.casbin.com/), scopes (what you request from the user), and Client ID / Client Secret from the provider. Keep the client secret private.

Adding an OAuth provider in Casdoor

  1. Open Providers in the sidebar and click Add.
  2. Set Category to OAuth and choose the Type (e.g. Google, GitHub).
  3. Enter Client ID and Client Secret from the provider’s developer console.

User field mapping

Use User mapping to map OAuth claims (e.g. from Okta, Azure AD) to Casdoor user fields.

Automatic account linking

Casdoor can link OAuth logins to existing users by OAuth identity, email/phone (if enabled), or username (case-insensitive). That lets you add OAuth without manual linking.

Using the provider’s access token

After OAuth sign-in, Casdoor stores the provider’s access token on the user. Your app can read it via /api/get-account and call the provider’s API (e.g. GitHub, Google Drive) on behalf of the user. Only the user and org admins can see the token. See OAuth docs.

Attaching the provider to an application

  1. Open Applications, edit the application.
  2. Add the provider and set its rules (e.g. enable for login, signup, unbind).
  3. Save.