Sign in a user through OAuth
Build a redirect URL for a third-party OAuth provider.
Build the URL the browser should be redirected to in order to start an OAuth flow with a third-party provider (Google, GitHub, GitLab, Bitbucket, Azure, Facebook, Apple, Twitter, Discord, etc.).
This method does not perform the redirect — it returns the URL and the provider name so that the caller (e.g. a Rails controller) can issue the HTTP redirect itself. When the PKCE flow is enabled (flow_type: "pkce" on the client), a code verifier is generated and stored in the configured storage; it is consumed later by exchange_code_for_session.
Signature
supabase.auth.sign_in_with_oauth(credentials)credentials is a hash. Pass it as a literal ({ provider: "google", options: { ... } }) or use Ruby's hash-literal shorthand (provider: "google", options: { ... }).
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
provider | String | Required | OAuth provider name. Common values: google, github, gitlab, bitbucket, azure, facebook, apple, twitter, discord. |
options | Hash | Optional | Nested options described below: redirect_to, scopes, query_params. |
options keys
| Name | Type | Required | Description |
|---|---|---|---|
redirect_to | String | Optional | Absolute URL to redirect the user back to after the provider completes the flow. Appended to the authorize URL as the redirect_to query parameter. |
scopes | String | Optional | Space-separated list of OAuth scopes (e.g. "openid profile email"). Appended as the scopes query parameter. |
query_params | Hash | Optional | Extra query parameters to merge into the authorize URL (e.g. { access_type: "offline", prompt: "consent" } for Google refresh tokens). |
Returns
A Struct with :provider and :url. Issue an HTTP redirect to response.url to start the flow.
Example — Google sign-in
response = supabase.auth.sign_in_with_oauth(
provider: "google",
options: { redirect_to: "https://app.example.com/auth/callback" }
)
response.provider # => "google"
response.url # => "https://<project>.supabase.co/auth/v1/authorize?provider=google&redirect_to=..."
# In a Rails controller:
# redirect_to response.url, allow_other_host: trueExample — custom scopes
response = supabase.auth.sign_in_with_oauth(
provider: "github",
options: { scopes: "read:user user:email" }
)Example — extra query params (Google refresh token)
response = supabase.auth.sign_in_with_oauth(
provider: "google",
options: {
redirect_to: "https://app.example.com/auth/callback",
scopes: "openid profile email",
query_params: { access_type: "offline", prompt: "consent" }
}
)This method does not perform the redirect — it returns the URL so the calling framework can issue the HTTP redirect. With flow_type: "pkce", the generated code_verifier is persisted to the configured storage.