
Overview

mgPass supports social login via connectors for Google, Apple, and Facebook. Users can sign in with their existing social accounts, which are linked to their mgPass user profile.

How Social Login Works

Google Connector

Configuration

| Field | Description |
| --- | --- |
| client_id | Google OAuth 2.0 client ID |
| client_secret | Google OAuth 2.0 client secret |
| hosted_domains | Restrict to specific Google Workspace domains (optional) |

Setup

  1. Go to the Google Cloud Console
  2. Create an OAuth 2.0 client ID (Web application type)
  3. Add https://pass.mediageneral.digital/callback/google as an authorized redirect URI
  4. Configure the connector in the mgPass admin console with the client ID and secret

Set hosted_domains to restrict sign-in to specific Google Workspace domains (e.g., ["mediageneral.com"]). Leave it empty to allow any Google account.

Apple Connector

Configuration

| Field | Description |
| --- | --- |
| team_id | Apple Developer Team ID |
| key_id | Sign in with Apple key ID |
| private_key | The .p8 private key contents |
| client_id | Service ID identifier |

Setup

  1. In the Apple Developer Portal, enable “Sign in with Apple” for your App ID
  2. Create a Service ID and configure the web authentication settings
  3. Add https://pass.mediageneral.digital/callback/apple as a return URL
  4. Generate a private key for Sign in with Apple
  5. Configure the connector in the mgPass admin console

Apple sends the user’s name only on the first authentication. mgPass stores it on the initial link; if it is missed at that point, the name field will be empty.

Facebook Connector

Configuration

| Field | Description |
| --- | --- |
| app_id | Facebook App ID |
| app_secret | Facebook App Secret |

Setup

  1. Create a Facebook App at developers.facebook.com
  2. Add the Facebook Login product
  3. Add https://pass.mediageneral.digital/callback/facebook as a valid OAuth redirect URI
  4. Configure the connector in the mgPass admin console

Linking and Unlinking

Automatic Linking

When a user signs in with a social provider and their social email matches an existing mgPass account, the social identity is automatically linked to the existing account.

Viewing Linked Accounts

curl https://pass.mediageneral.digital/api/users/usr_abc123/identities \
  -H "Authorization: Bearer ADMIN_TOKEN"

Response:

[
  {
    "provider": "google",
    "provider_user_id": "118234567890",
    "email": "kwame@gmail.com",
    "name": "Kwame Asante",
    "linked_at": 1711900000
  }
]
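
An added example (not part of the mgPass documentation or code base): an audit over the identities response above that flags Google identities outside a hosted_domains allowlist, links created inside a review window, and Apple identities stored without a name. The function name, finding labels, the second sample entry, and the reading of linked_at as Unix seconds are assumptions.

```python
import json

# Constructed sample in the shape of the identities response shown above
# (one user; the second entry is invented for illustration).
SAMPLE_RESPONSE = """[
  {"provider": "google", "provider_user_id": "118234567890",
   "email": "kwame@gmail.com", "name": "Kwame Asante", "linked_at": 1711900000},
  {"provider": "apple", "provider_user_id": "000123.constructed",
   "email": "kwame@gmail.com", "name": "", "linked_at": 1711995000}
]"""

KNOWN_PROVIDERS = {"google", "apple", "facebook"}  # connectors this page documents


def audit_identities(identities, hosted_domains, since_epoch):
    """Return (provider_user_id, finding) pairs for one user's linked identities.

    Assumptions: linked_at is Unix seconds; the identity's email domain is used
    as a stand-in for the Google Workspace domain (the page does not say how
    mgPass itself evaluates hosted_domains).
    """
    allowed = {d.lower() for d in hosted_domains}
    findings = []
    for ident in identities:
        provider = ident.get("provider", "")
        pid = ident.get("provider_user_id", "")
        domain = (ident.get("email") or "").rpartition("@")[2].lower()
        if provider not in KNOWN_PROVIDERS:
            findings.append((pid, "unknown-provider"))
        # An empty hosted_domains list means any Google account is allowed.
        if provider == "google" and allowed and domain not in allowed:
            findings.append((pid, "google-domain-outside-hosted_domains"))
        # Links created inside the review window, e.g. after a config change.
        if ident.get("linked_at", 0) >= since_epoch:
            findings.append((pid, "linked-in-review-window"))
        # Apple sends the name only on first authentication.
        if provider == "apple" and not ident.get("name"):
            findings.append((pid, "apple-name-missing"))
    return findings


if __name__ == "__main__":
    for pid, finding in audit_identities(
        json.loads(SAMPLE_RESPONSE), ["mediageneral.com"], since_epoch=1711950000
    ):
        print(pid, finding)
```

Feed it the parsed JSON from the curl call above in place of the constructed sample; run per user, the findings give a reviewable list after a connector or hosted_domains change.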

Unlinking

Users can unlink social accounts from their profile in the account portal, provided they have at least one other authentication method (email/password or another social account).