Skip to main content

Introduction: What Is Social Login in Frappe?

Social login in Frappe allows users to authenticate using third-party identity providers such as Google or GitHub instead of creating a traditional username and password.

In Frappe Framework v15, social authentication is implemented using the OAuth 2.0 standard. This improves user experience, enhances security, and reduces the need for password management—especially for public websites and customer portals built on Frappe or ERPNext.

Why Use Social Login in Frappe Applications?

Enabling social login provides several benefits:

  • Faster and frictionless user onboarding
  • Reduced password-related support issues
  • Secure authentication using trusted providers
  • Better user experience for public and customer-facing portals

Social login is commonly used for websites, portals, and external user access, rather than internal Desk users.

How Social Login Works in Frappe v15

Frappe implements social login using OAuth Providers, configured through a dedicated DocType.

The authentication flow works as follows:

  • User clicks a social login button (e.g., “Login with Google”)
  • User is redirected to the provider’s OAuth authorization page
  • Provider authenticates the user and returns an access token
  • Frappe validates the token and creates or logs in the user

This process is fully handled by Frappe’s OAuth framework—no custom authentication logic is required.

How to Enable Social Login in Frappe v15 (Step-by-Step)

Step 1: Enable Social Login in System Settings

Answer:
Social login must first be enabled globally.

Go to:
System Settings → Login & Security

Enable the option:

  • Allow Login using Social Providers

Save the settings.

This allows Frappe to display social login options on the login page.

Step 2: Create an OAuth Provider Entry

Answer:
Each social login provider must be configured separately.

Go to:
OAuth Provider → New

Fill in the following mandatory fields:

  • Provider Name (e.g., Google, GitHub)
  • Client ID (from the provider)
  • Client Secret (from the provider)
  • Base URL (provider authorization URL)
  • Redirect URL (generated by Frappe)

The redirect URL must be copied exactly into the provider’s developer console.

Step 3: Configure OAuth Credentials with the Provider

Create OAuth credentials in the provider’s developer console (e.g., Google Cloud Console or GitHub Developer Settings).
You must:

  • Register your site URL
  • Add the exact redirect URL provided by Frappe
  • Enable required scopes (email, profile)

Incorrect redirect URLs are the most common cause of login failures.

Step 4: Enable the OAuth Provider

Once configured:

  • Set Enabled = 1 on the OAuth Provider record
  • Save the document

The provider will now appear on the Frappe login page.

Supported OAuth Providers in Frappe v15

Frappe v15 supports OAuth-based providers such as:

  • Google
  • GitHub
  • Facebook

Custom OAuth 2.0 providers

Any provider supporting OAuth 2.0 can be integrated by supplying the correct endpoints.

User Creation and Account Mapping

When a user logs in using social authentication:

  • Frappe checks if a user with the same email exists
  • If not, a new user account is created automatically
  • The user is logged in without requiring password setup

Email address is the primary identifier for account mapping.

Best Practices for Social Login Configuration

Use HTTPS only
OAuth providers require secure HTTPS URLs in production.

Limit social login to external users
Avoid using social login for internal system administrators.

Verify email scopes
Ensure the provider returns verified email addresses.

Test in staging first
Always validate OAuth flow before enabling in production.

Common Issues and Troubleshooting

Social login button not visible

  • Check “Allow Login using Social Providers” is enabled
  • Ensure OAuth Provider is enabled

Redirect URI mismatch error

  • Confirm redirect URL matches exactly (including trailing slash)

User created but login fails

  • Verify email scope is enabled
  • Check OAuth response payload

Login works but user has no access

  • Assign appropriate roles after user creation
  • Review user permissions

Industry Relevance and Use Cases

Social login is commonly used in:

  • Public websites built on Frappe
  • Customer and vendor portals
  • ERPNext website modules
  • SaaS platforms built using Frappe

It is ideal for applications requiring external user authentication.

Technical Prerequisites

  • Frappe Framework Version 15
  • Publicly accessible site URL
  • HTTPS enabled
  • OAuth credentials from provider

Conclusion

Enabling social login in Frappe Framework v15 simplifies authentication, improves security, and enhances user experience for modern web applications. With built-in OAuth support and flexible provider configuration, Frappe allows seamless integration with trusted identity platforms—without custom development.
For production-grade Frappe or ERPNext websites, social login is a recommended best practice, not an optional feature.

Rating: 5 / 5 (2 votes)

© 2026 | goERPNext | All rights reserved