If the OIDC IdP I want to use is not among the ones listed under OAuth, is there a way to configure Stytch to work with it?
Hey Radu – thanks for posting!
We support any IdP that uses OIDC via our SSO (Single Sign On) product (for B2B Stytch projects). You can find more information about Stytch SSO here: Getting started with SSO
We currently only support the providers listed in our Docs for OAuth specifically, but if the IdP uses OIDC, SSO is generally a good fit.
Happy to help with any questions you have about this!
Thanks! I’m already using a few other authentication methods in my app - OAuth, magic links, OTP - and have many users already, using the Stytch consumer product (in a Next.js app). Does adding SSO make sense in this case? Is it a straightforward add-on, or do I have to switch to a different SDK?
Hey Radu!
To your point, SSO (OIDC and SAML) is currently only supported in our B2B API. Our SSO product specifically allows users to sign in with a specific application within an IdP - for instance, all users in CompanyA’s Microsoft Entra application/account - rather than allowing anyone with an account at that IdP to connect.
OAuth (in our Consumer API), on the other hand, does allow any end user with an account at that IdP to link their account to your application - they don’t have to belong to a specific organization.
Is this (OAuth) more what you’re looking for? If so, which IdP in particular are you interested in that isn’t available?
Yes, OAuth is the scenario I’m interested in: any user with an Intuit account (this is the IdP) should be able to sign in.
Ideally I’d be able to use Stytch directly with Intuit as an IdP.
I’ve also implemented the auth flow myself, but I got stuck at creating a Stytch session after obtaining the ID token in the OAuth callback. Is there a way to create a Stytch session once we have the Stytch user created/identified? (directly, not via email/sms)
Got it, thanks Radu! There unfortunately isn’t a way to integrate a Consumer Stytch project with Intuit OAuth at the moment, though I’d be happy to raise this internally as a feature request for future consideration.
There also isn’t a way to create a Stytch Session on demand after the user completes the OAuth flow on your end. There are some considerations like user deduplication, email address changes, IdP email address verification, etc. that would make this quite complex.
Are these users able to use an alternative login method (like Magic Links or OTP), or is this a hard blocker?
I understand and will consider alternatives, thank you!