This document explains how to configure Google and GitHub OAuth login, as well as Cloudflare Turnstile CAPTCHA verification.
- Google OAuth Configuration
- GitHub OAuth Configuration
- Cloudflare Turnstile Configuration
- Deployment Configuration
- FAQ
- Visit Google Cloud Console
- Click the project selector at the top, then click "New Project"
- Enter a project name (e.g., QuantDinger), click "Create"
- In the left menu, select "APIs & Services" → "OAuth consent screen"
- Choose user type:
  - External: Allows any Google account to log in (recommended)
  - Internal: Only for organization users (requires Google Workspace)
- Fill in application information:
  - App name: QuantDinger
  - User support email: Your email
  - Developer contact information: Your email
- Click "Save and Continue", skip "Scopes" and "Test users", complete setup
- In the left menu, select "APIs & Services" → "Credentials"
- Click "+ Create Credentials" → "OAuth client ID"
- Select application type: Web application
- Enter name: QuantDinger Web Client
- Add "Authorized redirect URIs": http://localhost:5000/api/auth/oauth/google/callback
  After deploying to a server, add the production URI (see below)
- Click "Create"
- Copy the generated Client ID and Client Secret
# Google OAuth
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret
GOOGLE_REDIRECT_URI=http://localhost:5000/api/auth/oauth/google/callback

- Visit GitHub Developer Settings
- Click "OAuth Apps" → "New OAuth App"
- Fill in application information:
  - Application name: QuantDinger
  - Homepage URL: http://localhost:8080 (or your domain)
  - Authorization callback URL: http://localhost:5000/api/auth/oauth/github/callback
- Click "Register application"
- On the application details page, copy the Client ID
- Click "Generate a new client secret"
- Immediately copy the Client Secret (shown only once)
# GitHub OAuth
GITHUB_CLIENT_ID=your-client-id
GITHUB_CLIENT_SECRET=your-client-secret
GITHUB_REDIRECT_URI=http://localhost:5000/api/auth/oauth/github/callback

Turnstile is a free, privacy-friendly CAPTCHA service provided by Cloudflare to prevent bot attacks.
- Visit Cloudflare Turnstile
- Click "Add site"
- Fill in information:
  - Site name: QuantDinger
  - Domain: Add your domain (for local development, add localhost)
  - Widget Mode: Select Managed (recommended) or Invisible
- Click "Create"
After creation, you will see:
- Site Key: Used by frontend, can be public
- Secret Key: Used by backend, keep it secret
# Cloudflare Turnstile
TURNSTILE_SITE_KEY=your-site-key
TURNSTILE_SECRET_KEY=your-secret-key

When deploying to a server with a domain name, you need to update the configuration.
Assuming your domain is yourdomain.com, with frontend and backend deployed under the same domain via nginx reverse proxy:
- Frontend: https://yourdomain.com
- Backend API: https://yourdomain.com/api
.env Configuration:
# Frontend URL (redirect after OAuth success)
FRONTEND_URL=https://yourdomain.com
# Google OAuth
GOOGLE_REDIRECT_URI=https://yourdomain.com/api/auth/oauth/google/callback
# GitHub OAuth
GITHUB_REDIRECT_URI=https://yourdomain.com/api/auth/oauth/github/callback

Assuming:
- Frontend: https://yourdomain.com
- Backend API: https://api.yourdomain.com
.env Configuration:
FRONTEND_URL=https://yourdomain.com
GOOGLE_REDIRECT_URI=https://api.yourdomain.com/api/auth/oauth/google/callback
GITHUB_REDIRECT_URI=https://api.yourdomain.com/api/auth/oauth/github/callback

After deployment, you also need to update callback URLs in OAuth provider dashboards:
Google Cloud Console:
- Go to "Credentials" page
- Edit your OAuth client
- Add production URL in "Authorized redirect URIs": https://yourdomain.com/api/auth/oauth/google/callback
GitHub Developer Settings:
- Edit your OAuth App
- Update "Authorization callback URL" to production URL
In Cloudflare Turnstile dashboard, make sure to add your production domains:
- yourdomain.com
- www.yourdomain.com (if used)
A: Callback URL mismatch. Please check:
- GOOGLE_REDIRECT_URI or GITHUB_REDIRECT_URI in .env
- Callback URL configured in OAuth provider dashboard
- Both must match exactly (including http/https, port, path)
A: Please check:
- Are TURNSTILE_SITE_KEY and TURNSTILE_SECRET_KEY correct?
- Is your current domain added to Turnstile's domain list?
- For local development, make sure localhost is added
A: Leave the related configuration empty in .env:
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

The system will automatically hide third-party login buttons.
A: Set in .env:
ENABLE_REGISTRATION=false

A: Please check that FRONTEND_URL is configured correctly; it must be the complete frontend page URL (including protocol).
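
The exact-match and FRONTEND_URL checks from the FAQ answers above can be run automatically before deployment. This is an added example, not part of QuantDinger's code: the function names, the REGISTERED mapping of dashboard callback URLs and the sample values are assumptions made for illustration, and the plain-http check outside localhost is an extra check not stated on this page.

```python
# Added example (not QuantDinger code): lint OAuth settings before deploying.
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/auth/oauth/{provider}/callback"  # path used on this page
# Constructed sample: FRONTEND_URL lacks a protocol, Google URI has a trailing slash.
SAMPLE_ENV = """\
FRONTEND_URL=yourdomain.com
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret
GOOGLE_REDIRECT_URI=https://yourdomain.com/api/auth/oauth/google/callback/
"""
# Assumption: what the operator typed into the provider dashboard.
REGISTERED = {"google": {"https://yourdomain.com/api/auth/oauth/google/callback"}}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def lint_oauth_env(env, registered):
    """Return problems; `registered` maps provider -> set of dashboard callback URLs."""
    problems = []
    for provider in ("google", "github"):
        p = provider.upper()
        cid, secret = env.get(f"{p}_CLIENT_ID", ""), env.get(f"{p}_CLIENT_SECRET", "")
        if not cid and not secret:
            continue  # both empty: provider is disabled, nothing to check
        if not (cid and secret):
            problems.append(f"{p}: set both client ID and secret, or leave both empty")
        uri = env.get(f"{p}_REDIRECT_URI", "")
        u = urlsplit(uri)
        if u.scheme not in ("http", "https") or not u.hostname:
            problems.append(f"{p}_REDIRECT_URI is not an absolute http(s) URL")
            continue
        if u.path != CALLBACK_PATH.format(provider=provider):
            problems.append(f"{p}_REDIRECT_URI has unexpected path {u.path!r}")
        if u.scheme == "http" and u.hostname != "localhost":
            problems.append(f"{p}_REDIRECT_URI uses plain http outside localhost")
        if uri not in registered.get(provider, set()):
            problems.append(f"{p}_REDIRECT_URI does not exactly match a registered callback")
    f = urlsplit(env.get("FRONTEND_URL", ""))
    if f.scheme not in ("http", "https") or not f.hostname:
        problems.append("FRONTEND_URL must be a complete URL including the protocol")
    return problems
```

Calling lint_oauth_env(parse_env(SAMPLE_ENV), REGISTERED) reports the trailing-slash path, the resulting mismatch with the registered callback, and the protocol-less FRONTEND_URL.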