OAuth & SSO

HiveForge supports OAuth providers through Supabase Auth for user sign-in. Google OAuth is the primary supported provider.

Google OAuth

Setup

  1. Create a project in the Google Cloud Console
  2. Enable the Google Identity API
  3. Create OAuth 2.0 credentials (Web application type)
  4. Add authorized redirect URIs:
    • Development: http://localhost:54321/auth/v1/callback
    • Production: https://YOUR_SUPABASE_URL/auth/v1/callback
  5. Configure the credentials in Supabase Dashboard under Authentication > Providers > Google

Sign in with Google

import { createClient } from '@supabase/supabase-js'
 
const supabase = createClient(
  process.env.NEXT_PUBLIC_SUPABASE_URL!,
  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
)
 
// Redirect the user to Google sign-in
const { data, error } = await supabase.auth.signInWithOAuth({
  provider: 'google',
  options: {
    redirectTo: 'https://yourapp.com/auth/callback',
  },
})

Handle the callback

After Google redirects back, exchange the code for a session:

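// In your /auth/callback route handler.
// `code` is the value of the `code` query parameter on the callback URL.
const { data, error } = await supabase.auth.exchangeCodeForSession(code)

if (error) {
  // Exchange failed: do not treat the user as signed in
  throw error
}

if (data.session) {
  // User is authenticated
  const token = data.session.access_token
  // Use this token for HiveForge API calls
}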
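
One way to harden the callback route described above, as an added example that is not HiveForge's or Supabase's own code: it refuses to exchange when the callback carries an error or no code, keeps the access token out of the redirect URL, and only follows same-origin post-login paths. `APP_ORIGIN`, the `next` parameter, the `/auth/error` path and `stubAuth` are assumptions made for illustration.

```javascript
// Added example. APP_ORIGIN, the `next` parameter and the /auth/error path are
// assumptions for illustration, not names defined by HiveForge or Supabase.
const APP_ORIGIN = 'https://yourapp.com'

// Accept only same-origin paths as the post-login destination.
function safeNextPath(next) {
  if (typeof next !== 'string' || !next.startsWith('/')) return '/'
  try {
    // "//host" and "/\host" resolve to another origin, so compare after parsing.
    const target = new URL(next, APP_ORIGIN)
    return target.origin === APP_ORIGIN ? target.pathname + target.search : '/'
  } catch {
    return '/'
  }
}

// `auth` is supabase.auth in a real handler. Returns the redirect path and,
// on success, the session; the access token is never placed in the URL.
async function handleOAuthCallback(requestUrl, auth) {
  const params = new URL(requestUrl).searchParams
  const fail = (reason) => ({ redirect: `/auth/error?reason=${reason}`, session: null })
  // The sign-in was denied or failed upstream: do not attempt an exchange.
  if (params.has('error')) return fail('provider')
  const code = params.get('code')
  if (!code) return fail('missing_code')
  const { data, error } = await auth.exchangeCodeForSession(code)
  if (error || !data || !data.session) return fail('exchange_failed')
  return { redirect: safeNextPath(params.get('next')), session: data.session }
}

// Constructed stub standing in for supabase.auth; it accepts one sample code.
const stubAuth = {
  calls: 0,
  async exchangeCodeForSession(code) {
    this.calls += 1
    return code === 'sample-code'
      ? { data: { session: { access_token: 'constructed-token' } }, error: null }
      : { data: { session: null }, error: new Error('exchange rejected') }
  },
}

// Constructed request: valid code, but `next` points at another origin.
handleOAuthCallback(`${APP_ORIGIN}/auth/callback?code=sample-code&next=//other.example/x`, stubAuth)
  .then((result) => console.log(result.redirect))
```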

User profile

When a user signs in via Google OAuth for the first time, HiveForge automatically:

  1. Creates a Supabase auth user
  2. Stores the user profile with email and avatar from Google
  3. Associates the user with an organization (if invited) or prompts for organization creation

Enterprise SSO

SAML-based SSO is available on the Enterprise tier. Contact support@hiveforge.dev to configure SSO for your organization.

Enterprise SSO supports:

  • SAML 2.0 identity providers (Okta, Azure AD, OneLogin)
  • Custom domains for SSO redirect
  • Just-in-time provisioning -- users are created on first sign-in
  • Role mapping -- map IdP groups to HiveForge roles

Configuration

Enterprise SSO is configured per-organization by the HiveForge team. You will need to provide:

| Setting | Description |
| --- | --- |
| SAML Metadata URL | Your IdP's metadata endpoint |
| Entity ID | Your IdP's entity identifier |
| Attribute mapping | How IdP attributes map to HiveForge user fields |
| Default role | Role assigned to new users provisioned via SSO |

Additional providers

Supabase Auth supports many OAuth providers. While Google is the primary supported provider for HiveForge, you can configure additional providers through the Supabase Dashboard:

  • GitHub
  • Microsoft (Azure AD)
  • Apple
  • Twitter / X
  • Discord

Additional providers may require configuration changes. Check the Supabase Auth docs for provider-specific setup instructions.