To add Google or GitHub OAuth login to a Lovable app, you need three things: enable the OAuth provider in Supabase Dashboard → Authentication → Providers with your client ID and secret, add your Supabase callback URL to the OAuth provider's allowed redirect URIs, and update your Lovable app's login code to call supabase.auth.signInWithOAuth() with the correct provider and redirectTo URL. The Supabase callback URL format is https://[your-project].supabase.co/auth/v1/callback.
Why OAuth setup breaks without proper redirect configuration in Lovable
OAuth login (Sign in with Google, Sign in with GitHub) works by redirecting the user to the provider's consent screen, then back to your app with an authorization code. This redirect chain involves three URLs that must all be configured correctly, or the flow breaks silently. First, the OAuth provider (Google or GitHub) needs to know which URLs are allowed to receive the redirect. If your Supabase callback URL is not in the provider's authorized redirect URI list, the provider blocks the redirect entirely. Second, Supabase needs the provider's client ID and secret to exchange the authorization code for user data. Third, your Lovable app needs to tell Supabase where to redirect the user after Supabase processes the OAuth callback. The most common failure is a URL mismatch. Users configure the OAuth provider with their lovable.app preview URL but then publish to a custom domain — the redirect fails because the published domain is not in the allowed list. Another frequent issue is forgetting to update the Supabase Site URL from the default localhost:3000 to the actual app URL, which causes Supabase to redirect back to localhost after the OAuth flow.
- Supabase callback URL not added to the OAuth provider's authorized redirect URIs
- Client ID or client secret entered incorrectly in Supabase Dashboard → Authentication → Providers
- Supabase Site URL still set to localhost:3000 instead of the actual app domain
- Preview domain and published domain both need to be in the redirect URLs list but only one is configured
- Missing redirectTo parameter in the signInWithOAuth call, causing Supabase to redirect to the Site URL default
Error messages you might see
Error 400: redirect_uri_mismatchGoogle rejected the OAuth redirect because the callback URL is not in the authorized redirect URIs. Add https://[your-project].supabase.co/auth/v1/callback to Google Cloud Console → APIs & Services → Credentials → OAuth 2.0 Client → Authorized redirect URIs.
The redirect_uri MUST match the registered callback URL for this applicationGitHub rejected the OAuth redirect for the same reason. Add the Supabase callback URL to your GitHub OAuth App → Settings → Authorization callback URL.
After the consent screen I'm redirected back but without user credentials in localStorageThe OAuth flow completed on the provider side but Supabase could not process the callback. Check that the client secret is correct in Supabase Dashboard and that the Site URL points to your actual app domain, not localhost.
OAuth redirect to localhost instead of production URLThe Supabase Site URL is still set to http://localhost:3000. Go to Supabase Dashboard → Authentication → URL Configuration and change it to your published Lovable app URL.
Before you start
- A Lovable project with Supabase Auth enabled (via Cloud tab → Database)
- A Google Cloud Console account (for Google OAuth) or a GitHub account (for GitHub OAuth)
- Your Supabase project URL (found in Cloud tab → Secrets or Supabase Dashboard → Project Settings → API)
- Your published Lovable app URL (the lovable.app domain or custom domain where users access your app)
How to fix it
Create OAuth credentials on the provider (Google or GitHub)
The OAuth provider needs a registered application with a client ID and secret before it allows any logins
Create OAuth credentials on the provider (Google or GitHub)
The OAuth provider needs a registered application with a client ID and secret before it allows any logins
For Google: go to Google Cloud Console → APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID. Set the application type to 'Web application'. Add your Supabase callback URL to Authorized redirect URIs: https://[your-project-ref].supabase.co/auth/v1/callback. Copy the Client ID and Client Secret. For GitHub: go to GitHub → Settings → Developer Settings → OAuth Apps → New OAuth App. Set the Authorization callback URL to https://[your-project-ref].supabase.co/auth/v1/callback. Copy the Client ID and Client Secret. Your Supabase project ref is the subdomain in your Supabase URL (e.g., 'abcdefghij' from abcdefghij.supabase.co).
Expected result: You have a Client ID and Client Secret from the OAuth provider, and the Supabase callback URL is registered as an allowed redirect URI.
Enable the provider in Supabase Dashboard
Supabase needs the client credentials to exchange the OAuth code for user data
Enable the provider in Supabase Dashboard
Supabase needs the client credentials to exchange the OAuth code for user data
Go to Supabase Dashboard → Authentication → Providers. Find Google or GitHub in the list and toggle it on. Enter the Client ID and Client Secret from the previous step. Save the configuration. Supabase will now accept OAuth callbacks from this provider and create user accounts automatically.
Expected result: The provider shows as enabled in Supabase Dashboard → Authentication → Providers with a green toggle.
Configure Supabase redirect URLs for your Lovable app
Supabase needs to know which URLs are safe to redirect users back to after authentication
Configure Supabase redirect URLs for your Lovable app
Supabase needs to know which URLs are safe to redirect users back to after authentication
In Supabase Dashboard → Authentication → URL Configuration, set the Site URL to your published Lovable app URL (like https://your-app.lovable.app). Then add all your deployment URLs to the Redirect URLs list with wildcards: https://your-app.lovable.app/**, https://your-preview.lovableproject.com/**, and any custom domain like https://yourdomain.com/**. This ensures the OAuth flow works on both preview and published environments.
Expected result: Supabase URL Configuration shows your published app URL as the Site URL and all deployment URLs are listed in Redirect URLs.
Add the OAuth sign-in button to your Lovable app
Your app needs to call the Supabase signInWithOAuth function to start the OAuth redirect flow
Add the OAuth sign-in button to your Lovable app
Your app needs to call the Supabase signInWithOAuth function to start the OAuth redirect flow
In your login page component, add a button that calls supabase.auth.signInWithOAuth() with the provider name and a redirectTo option pointing to your app's post-login page. The redirectTo URL should be the page users see after logging in (like /dashboard). Include both Google and GitHub buttons if you want to offer both options. If handling the callback and session management across multiple components feels complex, RapidDev's engineers have set up OAuth flows across 600+ Lovable projects.
// Login page without OAuth — only email/password<Button onClick={handleEmailLogin}>Sign In</Button>// Login page with Google and GitHub OAuth buttonsconst handleGoogleLogin = async () => { await supabase.auth.signInWithOAuth({ provider: "google", options: { redirectTo: `${window.location.origin}/dashboard`, }, });};const handleGitHubLogin = async () => { await supabase.auth.signInWithOAuth({ provider: "github", options: { redirectTo: `${window.location.origin}/dashboard`, }, });};// In the JSX:<div className="space-y-3"> <Button onClick={handleGoogleLogin} variant="outline" className="w-full"> Sign in with Google </Button> <Button onClick={handleGitHubLogin} variant="outline" className="w-full"> Sign in with GitHub </Button></div>Expected result: Clicking the OAuth button redirects to the provider's consent screen. After approval, the user is redirected back to your app's dashboard with an active session.
Complete code example
1import { useState } from "react";2import { useNavigate } from "react-router-dom";3import { Button } from "@/components/ui/button";4import { Input } from "@/components/ui/input";5import { Label } from "@/components/ui/label";6import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";7import { Separator } from "@/components/ui/separator";8import { useToast } from "@/hooks/use-toast";9import { supabase } from "@/integrations/supabase/client";1011const Login = () => {12 const [email, setEmail] = useState("");13 const [password, setPassword] = useState("");14 const [loading, setLoading] = useState(false);15 const navigate = useNavigate();16 const { toast } = useToast();1718 const handleOAuth = async (provider: "google" | "github") => {19 const { error } = await supabase.auth.signInWithOAuth({20 provider,21 options: {22 redirectTo: `${window.location.origin}/dashboard`,23 },24 });25 if (error) {26 toast({ title: "Login failed", description: error.message, variant: "destructive" });27 }28 };2930 const handleEmailLogin = async (e: React.FormEvent) => {31 e.preventDefault();32 setLoading(true);33 const { error } = await supabase.auth.signInWithPassword({ email, password });34 if (error) {35 toast({ title: "Login failed", description: error.message, variant: "destructive" });36 } else {37 navigate("/dashboard");38 }39 setLoading(false);40 };4142 return (43 <div className="min-h-screen flex items-center justify-center p-4">44 <Card className="w-full max-w-sm">45 <CardHeader>46 <CardTitle>Sign In</CardTitle>47 </CardHeader>48 <CardContent className="space-y-4">49 <Button onClick={() => handleOAuth("google")} variant="outline" className="w-full">50 Sign in with Google51 </Button>52 <Button onClick={() => handleOAuth("github")} variant="outline" className="w-full">53 Sign in with GitHub54 </Button>55 <Separator />56 <form onSubmit={handleEmailLogin} className="space-y-3">57 <div>58 <Label htmlFor="email">Email</Label>59 <Input id="email" type="email" value={email} onChange={(e) => setEmail(e.target.value)} />60 </div>61 <div>62 <Label htmlFor="password">Password</Label>63 <Input id="password" type="password" value={password} onChange={(e) => setPassword(e.target.value)} />64 </div>65 <Button type="submit" className="w-full" disabled={loading}>66 {loading ? "Signing in..." : "Sign in with Email"}67 </Button>68 </form>69 </CardContent>70 </Card>71 </div>72 );73};7475export default Login;Best practices to prevent this
- Always add the Supabase callback URL (https://[project-ref].supabase.co/auth/v1/callback) to the OAuth provider's allowed redirect URIs
- Set the Supabase Site URL to your actual published app domain, not localhost
- Add all deployment URLs (preview, published, custom domain) to Supabase Redirect URLs with /** wildcards
- Use window.location.origin in the redirectTo parameter so the redirect works on any deployment domain automatically
- Test the full OAuth flow in an incognito window to avoid cached sessions from previous login attempts
- After adding a new OAuth provider, test on both preview and published environments since redirect URLs differ
- Keep your client secret in Supabase Dashboard only — never hardcode it in your Lovable project code
- Add error handling to the signInWithOAuth call to show a toast if the OAuth redirect fails
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I'm adding Google and GitHub OAuth login to my Lovable (lovable.dev) project using Supabase Auth. My Supabase project ref: [your project ref] My published app URL: [your lovable.app URL] My custom domain (if any): [your domain] Please provide: 1. The exact Supabase callback URL I need to add to Google Cloud Console and GitHub OAuth App 2. The Supabase Dashboard settings I need to configure (Site URL, Redirect URLs, Provider settings) 3. A complete React login component with Google and GitHub OAuth buttons using supabase.auth.signInWithOAuth 4. A checklist of all URLs I need to configure across all three platforms (Google/GitHub, Supabase, Lovable)
Add Google and GitHub OAuth login buttons to @src/pages/Login.tsx. Use supabase.auth.signInWithOAuth with the provider name and set redirectTo to window.location.origin + '/dashboard'. Add both buttons above the existing email/password form with a separator between them. Style the buttons with variant='outline' and full width. Include error handling that shows a toast if the OAuth redirect fails.
Frequently asked questions
How do I add Google login to my Lovable app?
Create OAuth credentials in Google Cloud Console, add the Supabase callback URL as an authorized redirect URI, enable Google as a provider in Supabase Dashboard → Authentication → Providers, and call supabase.auth.signInWithOAuth({ provider: 'google' }) from your login page.
What is the Supabase OAuth callback URL?
The format is https://[your-project-ref].supabase.co/auth/v1/callback. Replace [your-project-ref] with your Supabase project reference ID, found in your Supabase URL or in Project Settings → API.
Why does Google OAuth redirect to localhost?
The Supabase Site URL is still set to http://localhost:3000 (the default). Go to Supabase Dashboard → Authentication → URL Configuration and change the Site URL to your published Lovable app URL.
How do I sign in with GitHub OAuth in Lovable?
Create a GitHub OAuth App in Settings → Developer Settings → OAuth Apps, set the callback URL to your Supabase callback URL, enable GitHub in Supabase Dashboard → Authentication → Providers, and call supabase.auth.signInWithOAuth({ provider: 'github' }) from your login page.
Do I need to handle the OAuth callback in my Lovable code?
No. Supabase handles the callback automatically at /auth/v1/callback. After processing, Supabase redirects the user to your app's redirectTo URL (or the Site URL if not specified). Your app just needs an onAuthStateChange listener to detect the new session.
Why does OAuth work on preview but not on the published site?
The published domain is not in the Supabase Redirect URLs list or the OAuth provider's authorized redirect URIs. Add both your preview URL and published URL (with /** wildcards) to Supabase URL Configuration and to the OAuth provider's allowed redirect URIs.
What if I can't set up OAuth myself?
OAuth configuration involves three separate platforms (Google/GitHub, Supabase, and Lovable) with URLs that must match exactly. RapidDev's engineers have configured OAuth flows across 600+ Lovable projects and can set up the complete flow correctly.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your issue.
Book a free consultation