Required values
- Redirect URI: https://auth.lovable.dev/\_\_/auth/handler
- Scopes:
openid,email - Grant type: Authorization Code
Provider mapping
Common field names across providers:- Redirect URI may be called: Callback URL, Sign-in redirect URI
- Issuer/Domain may be called: Issuer URL, Authority, Okta domain, Auth0 domain, Tenant domain
- Client credentials: Client ID and Client Secret
Steps
1
Create an OIDC confidential app
Create a new OIDC/Web application in your provider.
2
Configure redirect URI
Add https://auth.lovable.dev/\_\_/auth/handler as an allowed redirect/callback URL.
3
Enable required scopes
Ensure
openid and email scopes are enabled and consented if needed.4
Copy credentials to Lovable
Copy the Issuer/Domain, Client ID and Client Secret into Lovable.
Troubleshooting
Invalid issuer or discovery
Invalid issuer or discovery
Verify the issuer URL is correct for your tenant and supports OIDC discovery.
Email not returned
Email not returned
Ensure the
email scope is granted and the user has a primary email.