How to set up white-labeled Ghost sign in with your social accounts

Not really a normal blog post, but sketchy directions for Social Sign On.

How to set up white-labeled Ghost sign in with your social accounts

Ready to get started with white-labeling your Single Sign On service from Spectral Web Services? Here are some directions to get you started.

💡
These directions are seriously sketchy and unpolished, but they're 100% better than nothing -- I hope.

If you're just starting to think about Social Sign On for Ghost, start here for the basics.

Add DNS, if desired:

Add a DNS entry for login.yourdomain.com (or whatever you'd like the subdomain named) as a CNAME for login.spectralwebservices.com.  (Google prefers this and will otherwise not fully white-label. And it looks better than bouncing through my login server.) Send me an email with the name of the subdomain after you've added the DNS so that I can activate it. In all the directions below, replace login.spectralwebservices.com with your new subdomain.

Facebook

Head over to: Facebook: https://developers.facebook.com/

You're going to create an app.   Directions are here: https://developers.facebook.com/docs/development/create-an-app  Your use case is "Authenticate and request data from users with Facebook Login"

You're going to want to link your Facebook business account.  Facebook business validation is 'fun' if you haven't already done it.  Hopefully you have. :)

If you'd like to invite me as an administrator (catherine.sarisky), I can handle the specific app permissions settings.  Or you'll need to request the following permissions:  email, public_profile.  And you'll need to set the authorized/redirect urls to https://login.spectralwebservices.com/auth/facebook and https://login.spectralwebservices.com/auth/facebook/callback (adjust if you change the subdomain).

Send me the client secret and app ID.

Google

Do the setup part (only) following the directions here: https://developers.google.com/identity/openid-connect/openid-connect

The authorized redirect URLs are https://login.spectralwebservices.com/auth/google and https://login.spectralwebservices.com/auth/google/callback

Send me the client secret and client ID.

LinkedIn

If you decide you'd like me to do this instead, I can, just need an invite and to know what the privacy policy link is.

https://developer.linkedin.com/

Click 'my apps'

Click 'create app'

Fill in the form and hit create.

If your linkedin company account isn't verified, you will need to do that.

Edit the app you just created, and click the "Auth" tab. (image below). I need the Client ID and Primary Client Secret. You may need to click 'generate' if there's nothing there.

Add an authorized redirect URL (as above - same exact URL, or substitute your login domain). If you also want to point your OWN domain at my login server (like login.yourdomain.com), create a new DNS entry with a CNAME for login.spectralwebservices.com, add its url (including the paths) in the box above also. Email me with the domain of your new CNAME so that I can set it up on my end.

Then you may also need to check under products tab for this. Add it if it's missing.

Then recheck that the Auth tab has the scopes in the image above.

And that should be it!

Sketchy directions for Apple (coming soon)

Directions are here: https://github.com/ananay/apple-auth/blob/master/SETUP.md

Your return url is https://login.yourdomain.com/auth/apple/callback

I need the downloaded key file plus team id, app id, key_id.

Sketchy directions for Microsoft (coming soon)

Use this link to create a sign-in app with Microsoft: https://apps.dev.microsoft.com/#/appList

Will need a consumer key and secret.