Developers
Self Hosting
Setting up OAuth Providers

Google OAuth (Gmail)

To use Google OAuth, you will need to create a Google Cloud Platform project and enable the Google Identity and Access Management (IAM) API. You will also need to create a new OAuth client ID and download the client secret.

Create and configure a new OAuth client ID

  1. Go to the Google Cloud Platform Console (opens in a new tab)
  2. From the projects list, select a project or create a new one
  3. If the APIs & services page isn't already open, open the console left side menu and select APIs & services
  4. On the left, click Credentials
  5. Click New Credentials, then select OAuth client ID
  6. When prompted to select an application type, select Web application
  7. Enter a name for your client ID, and click Create
  8. Click the download button to download the client secret
  9. Set the authorized javascript origins to https://<documenso-domain>
  10. Set the authorized redirect URIs to https://<documenso-domain>/api/auth/callback/google
  11. In the Documenso environment variables, set the following:
NEXT_PRIVATE_GOOGLE_CLIENT_ID=<your-client-id>
NEXT_PRIVATE_GOOGLE_CLIENT_SECRET=<your-client-secret>

Finally verify the signing in with Google works by signing in with your Google account and checking the email address in your profile.

Microsoft OAuth (Azure AD)

To use Microsoft OAuth, you will need to create an Azure AD application registration in the Microsoft Azure portal. This will allow users to sign in with their Microsoft accounts.

Create and configure a new Azure AD application

  1. Go to the Azure Portal (opens in a new tab)
  2. Navigate to Azure Active Directory (or Microsoft Entra ID in newer Azure portals)
  3. In the left sidebar, click App registrations
  4. Click New registration
  5. Enter a name for your application (e.g., "Documenso")
  6. Under Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) to allow any Microsoft account to sign in
  7. Under Redirect URI, select Web and enter: https://<documenso-domain>/api/auth/callback/microsoft
  8. Click Register

Configure the application

  1. After registration, you'll be taken to the app's overview page
  2. Copy the Application (client) ID - this will be your NEXT_PRIVATE_MICROSOFT_CLIENT_ID
  3. In the left sidebar, click Certificates & secrets
  4. Under Client secrets, click New client secret
  5. Add a description and select an expiration period
  6. Click Add and copy the Value (not the Secret ID) - this will be your NEXT_PRIVATE_MICROSOFT_CLIENT_SECRET
  7. In the Documenso environment variables, set the following:
NEXT_PRIVATE_MICROSOFT_CLIENT_ID=<your-application-client-id>
NEXT_PRIVATE_MICROSOFT_CLIENT_SECRET=<your-client-secret-value>