Social Login

Social login uses a popup window flow. The popup navigates through the OAuth redirect loop and communicates the result back to the parent window via window.postMessage, keeping the JWT out of the browser's URL history, server logs, and referrer headers.

Supported Providers

Providers must be configured by the tenant administrator. Common providers include Google and Apple.

The <allegro-login-form> web component includes social login buttons automatically:

<allegro-login-form></allegro-login-form>

To hide the social buttons:

<allegro-login-form hide-third-party="true"></allegro-login-form>

The component fires allegro:login-form:social-success with { provider, session_id, token } on successful OAuth login.

Using the SDK

Call allegro.member.loginWithProvider(provider) to open the OAuth popup and await the result:

try {
    const { session_id, token } =
        await allegro.member.loginWithProvider('google');
    console.log('Authenticated, session:', session_id);
} catch (error) {
    console.error('Auth failed:', error);
}

Pass the provider slug as a string — for example 'google' or 'apple'. The method opens the popup, waits for the OAuth flow to complete, and resolves with the session on success or rejects on failure.

Response shape:

{
    session_id: string; // UUID of the newly created audience member session
    token: string; // Signed JWT for the session
}

Magic Links guide — passwordless authentication via email
allegro-login-form component — drop-in UI for social + magic link login

Supported Providers​

Using the allegro-login-form Component​

Using the SDK​

Related​

Supported Providers

Using the allegro-login-form Component

Using the SDK

Related