Registering Your Site with OAuth2 Providers

If you want to enable your storefront to interact with OAuth2 providers such as Google and Facebook, you must register your site as a client application with the providers you want to support. Unfortunately, there is no standard way of doing this, because the registration process is provider-specific. The following sections provide some helpful information about the registration processes of popular OAuth2 providers to help you get started.

Note:

This topic assumes that you are familiar with the OAuth2 specification and OAuth2-related concepts. In addition, several of the links provided here require a site-specific account.

Google

Google checks the redirect URLs and JavaScript origins. To register the client application, go Here.

For background information, see the following resources:

LinkedIn

To register your client application, go Here.

LinkedIn doesn't currently check redirect URLs, but this might change. As a provider, LinkedIn doesn't comply fully with the OAuth2 specification: its user data is returned in XML format instead of JSON format (as dictated by the specification).

Microsoft

To register your client application, go Here.

If you have a regular Live customer account through which you can test OAuth login as an end user, you can see what permissions you have given the client application by going Here and selecting Apps and Services.

For background information, see the following resources:

Facebook

To register your client application, go Here.

Facebook doesn't follow the OAuth2 specification in all cases: some of the responses in the authentication flow are in plain text, instead of JSON (as dictated by the specification). Facebook also expects a non-standard access token query parameter name in one of the URLs.
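The following added example (not part of the original documentation or of any provider's SDK) shows one way a client can normalize a token response that arrives either as JSON or as plain text, failing closed on anything ambiguous. It assumes the plain-text variant is form-encoded (`access_token=...&expires=...`) and that `expires` is a non-standard alias for `expires_in`; the function names and sample values are constructed for illustration.

```javascript
'use strict';

// Parse a form-encoded body into a prototype-less object; a repeated key is
// rejected so a duplicated access_token cannot shadow the real one.
function parseForm(text) {
  const fields = Object.create(null);
  for (const [key, value] of new URLSearchParams(text)) {
    if (key in fields) throw new Error('duplicate field: ' + key);
    fields[key] = value;
  }
  return fields;
}

// Normalize a token-endpoint response that is JSON (as the specification
// dictates) or plain text (assumed here to be form-encoded).
function parseTokenResponse(contentType, body) {
  const text = typeof body === 'string' ? body.trim() : '';
  if (text === '') throw new Error('empty token response');
  const type = String(contentType || '').split(';')[0].trim().toLowerCase();

  let fields;
  // Decide by content as well as header, since the two can disagree.
  if (type === 'application/json' || text.startsWith('{')) {
    try { fields = JSON.parse(text); } catch (e) { throw new Error('malformed JSON'); }
    if (fields === null || typeof fields !== 'object' || Array.isArray(fields)) {
      throw new Error('unexpected JSON shape');
    }
  } else {
    fields = parseForm(text);
  }

  if (fields.error !== undefined) throw new Error('provider reported an error');
  const token = fields.access_token;
  if (typeof token !== 'string' || token === '') throw new Error('no access_token');

  // "expires" is an assumed non-standard alias for the standard "expires_in".
  const rawTtl = fields.expires_in !== undefined ? fields.expires_in : fields.expires;
  const ttl = Number(rawTtl);
  return { accessToken: token, expiresIn: Number.isFinite(ttl) && ttl > 0 ? ttl : null };
}

// Constructed sample responses (not captured from any provider).
const SAMPLE_JSON = '{"access_token":"tok-json-123","token_type":"bearer","expires_in":3600}';
const SAMPLE_TEXT = 'access_token=tok-text-456&expires=5183999';

console.log(parseTokenResponse('application/json; charset=UTF-8', SAMPLE_JSON));
console.log(parseTokenResponse('text/plain', SAMPLE_TEXT));
```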

GitHub

To register your client application, go Here. The Callback URL must be an absolute URL, for example:

https://domain/on/demandware.store/Sites-SiteGenesis-Site/default/Login-OAuthReentryGitHub

GitHub allows only one URL; see the previous Google section for information about how to test with multiple domains.
