Skip to content

Commit e638dc9

Browse files
lane711claude
andauthored
docs(www): comprehensive documentation update for missing features (#774)
- Rewrite webhooks page (was placeholder content from Protocol CMS) - Add OAuth/Social Login plugin docs and auth page section - Add Security Audit plugin docs and security page section - Add Global Variables plugin docs - Add Code Examples plugin docs - Add Testimonials plugin docs - Update plugins overview page with all missing plugins Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1 parent dd67184 commit e638dc9

12 files changed

Lines changed: 3613 additions & 112 deletions

File tree

www/src/app/authentication/page.mdx

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ export const sections = [
22
{ title: 'Overview', id: 'overview' },
33
{ title: 'JWT Authentication', id: 'jwt-authentication' },
44
{ title: 'Passwordless Authentication', id: 'passwordless-authentication' },
5+
{ title: 'OAuth / Social Login', id: 'oauth-social-login' },
56
{ title: 'User Management', id: 'user-management' },
67
{ title: 'User Profiles', id: 'user-profiles' },
78
{ title: 'RBAC', id: 'rbac' },
@@ -250,6 +251,107 @@ curl -X POST http://localhost:8787/auth/magic-link/request \
250251

251252
---
252253

254+
## OAuth / Social Login
255+
256+
SonicJS supports OAuth2 social login through the **OAuth Providers** plugin, allowing users to sign in with GitHub, Google, and other providers using the standard authorization code flow.
257+
258+
### Supported Providers
259+
260+
| Provider | Scopes | Profile Data |
261+
|----------|--------|--------------|
262+
| **GitHub** | `read:user`, `user:email` | ID, email, name, avatar |
263+
| **Google** | `openid`, `email`, `profile` | ID, email, name, avatar |
264+
265+
### Quick Setup
266+
267+
1. Create an OAuth app on the provider (GitHub or Google)
268+
2. Navigate to **Admin > Plugins > OAuth Providers**
269+
3. Enter your **Client ID** and **Client Secret** for each provider
270+
4. Toggle **Enable** and save
271+
272+
### OAuth Endpoints
273+
274+
<ApiEndpoint method="GET" path="/auth/oauth/:provider" description="Redirect to provider authorization page" auth={false} />
275+
276+
<ApiEndpoint method="GET" path="/auth/oauth/:provider/callback" description="Handle OAuth callback and authenticate user" auth={false} />
277+
278+
<ApiEndpoint method="GET" path="/auth/oauth/accounts" description="List linked OAuth accounts for current user" auth={true} />
279+
280+
<ApiEndpoint method="POST" path="/auth/oauth/link" description="Link an OAuth provider to current account" auth={true} />
281+
282+
<ApiEndpoint method="POST" path="/auth/oauth/unlink" description="Unlink an OAuth provider from current account" auth={true} />
283+
284+
### Usage
285+
286+
Add social login buttons that point to the OAuth authorization endpoints:
287+
288+
<CodeGroup title="Social Login">
289+
290+
```html
291+
<a href="/auth/oauth/github">Sign in with GitHub</a>
292+
<a href="/auth/oauth/google">Sign in with Google</a>
293+
```
294+
295+
```javascript
296+
// Programmatic redirect
297+
window.location.href = '/auth/oauth/github';
298+
```
299+
300+
</CodeGroup>
301+
302+
When a user authenticates via OAuth:
303+
- **Existing OAuth link** — the user is logged in directly
304+
- **Email matches an existing account** — the OAuth provider is automatically linked to the existing account
305+
- **New user** — an account is created from the OAuth profile with the `viewer` role
306+
307+
### Account Linking and Unlinking
308+
309+
Authenticated users can link additional OAuth providers or unlink existing ones:
310+
311+
<CodeGroup title="Account Linking">
312+
313+
```bash {{title:'Link a provider'}}
314+
curl -X POST http://localhost:8787/auth/oauth/link \
315+
-H "Authorization: Bearer eyJhbGc..." \
316+
-H "Content-Type: application/json" \
317+
-d '{ "provider": "google" }'
318+
319+
# Response: { "redirectUrl": "https://accounts.google.com/..." }
320+
# Redirect the user to the returned URL to complete linking
321+
```
322+
323+
```bash {{title:'Unlink a provider'}}
324+
curl -X POST http://localhost:8787/auth/oauth/unlink \
325+
-H "Authorization: Bearer eyJhbGc..." \
326+
-H "Content-Type: application/json" \
327+
-d '{ "provider": "github" }'
328+
329+
# Response: { "success": true, "message": "github account unlinked" }
330+
```
331+
332+
</CodeGroup>
333+
334+
<Callout type="warning">
335+
A user cannot unlink their only authentication method. If they have no password and only one OAuth link, unlinking is blocked until they set a password or link another provider.
336+
</Callout>
337+
338+
### Choosing an Authentication Method (Updated)
339+
340+
| Method | Best For | Security | User Experience |
341+
|--------|----------|----------|-----------------|
342+
| **Email + Password** | Traditional apps, maximum control | High | Familiar, requires password management |
343+
| **OTP Login** | Mobile apps, high-security environments | Very High | Easy, no password needed, limited time |
344+
| **Magic Link** | Simplified onboarding, newsletters | High | Seamless, requires email access |
345+
| **OAuth / Social** | Consumer apps, developer tools | High | One-click, no new credentials needed |
346+
347+
<div className="not-prose mt-4">
348+
<Button href="/plugins/oauth" variant="text" arrow="right">
349+
<>Full OAuth plugin documentation</>
350+
</Button>
351+
</div>
352+
353+
---
354+
253355
## User Management
254356

255357
### User Registration
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
import { Metadata } from 'next'
2+
3+
export const metadata: Metadata = {
4+
title: 'Code Examples Plugin - SonicJS',
5+
description:
6+
'Code snippets and examples library for SonicJS with syntax highlighting, categorization, and a full CRUD API.',
7+
}
8+
9+
export default function Layout({ children }: { children: React.ReactNode }) {
10+
return children
11+
}

0 commit comments

Comments
 (0)