Skip to main content

Configure OpenID Providers

To integrate zkLogin with your app, you need an OAuth client from at least one of the available providers. You use the Client ID and redirect URI from those providers in your zkLogin project. For example, the following TypeScript code constructs a Google login URL for testing.

const REDIRECT_URI = '<YOUR_SITE_URL>';

const params = new URLSearchParams({
// Configure client ID and redirect URI with an OpenID provider
client_id: $CLIENT_ID,
redirect_uri: $REDIRECT_URI,
response_type: 'id_token',
scope: 'openid',
// See below for details about generation of the nonce
nonce: nonce,
});

const loginURL = `https://accounts.google.com/o/oauth2/v2/auth?${params}`;

OpenID providers

The following table lists the OpenID providers that can support zkLogin or are currently being reviewed to determine whether they can support zkLogin.

ProviderCan support?DevnetTestnetMainnet
FacebookYesYesYesYes
GoogleYesYesYesYes
TwitchYesYesYesYes
AppleYesYesYesYes
SlackYesYesNoNo
KakaoYesYesNoNo
MicrosoftYesYesNoNo
AWS (Tenant)*YesYesYesYes
Karrier OneYesYesYesYes
Credenza3YesYesYesYes
RedBullUnder reviewNoNoNo
AmazonUnder reviewNoNoNo
WeChatUnder reviewNoNoNo
Auth0Under reviewNoNoNo
OktaUnder reviewNoNoNo
  • Sui supports AWS (Tenant) but the provider is enabled per tenant. Contact us for more information.

Configuring an OpenID provider

Select a tab for instruction on configuring the client ID ($CLIENT_ID in the previous example) and redirect URI ($REDIRECT_URI in the previous example) with the relevant provider.

  1. Navigate a browser to the Google Cloud dashboard. Either sign in or register for a Google Cloud account.

  2. Open APIs & Services > Credentials using the Google Cloud dashboard navigation.

    1

  3. On the Credentials page, select CREATE CREDENTIALS > OAuth client ID.

    2

  4. Set the Application type and Name of your application.

    3

  5. In the Authorized redirect URIs section, click the ADD URI button. Set the value for your redirect URI in the field. This should be the wallet or application frontend.

    4

  6. Click Create. If successful, Google Cloud displays the OAuth client created dialog with metadata, including your Client ID. Click OK to dismiss the dialog.

Your new OAuth client should now appear in the OAuth 2.0 Client IDs section of the Credentials page. Click the Client ID that appears next to the client to copy the value to your clipboard. Click the client name to access the redirect URI and other client data.