Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.aspfox.com/llms.txt

Use this file to discover all available pages before exploring further.

OAuth providers are optional. AspFox works without them — email/password and magic link authentication are available regardless. Only the Google and GitHub login buttons require OAuth configuration.

Google OAuth

Create OAuth credentials

  1. Go to console.cloud.google.com
  2. Create a new project (or select an existing one)
  3. Go to APIs & Services → Credentials
  4. Click Create Credentials → OAuth 2.0 Client ID
  5. Application type: Web application
  6. Add authorized redirect URIs: Local development: 
    http://localhost:5000/api/v1/auth/google/callback
    Production: 
    https://api.yourdomain.com/api/v1/auth/google/callback
  7. Click Create
  8. Copy the Client ID and Client Secret

Add to .env

GOOGLE_CLIENT_ID=123456789-abcdefghijklmnop.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-abc123def456ghi789

GitHub OAuth

Create an OAuth App

  1. Go to github.com/settings/developers
  2. Click OAuth Apps → New OAuth App
  3. Fill in the form: Local development:
    • Application name: Your App (Local)
    • Homepage URL: http://localhost:5173
    • Authorization callback URL: http://localhost:5000/api/v1/auth/github/callback
    Production:
    • Application name: Your App
    • Homepage URL: https://yourdomain.com
    • Authorization callback URL: https://api.yourdomain.com/api/v1/auth/github/callback
  4. Click Register application
  5. Copy the Client ID
  6. Click Generate a new client secret and copy it

Add to .env

GITHUB_CLIENT_ID=Iv1.abc123def456
GITHUB_CLIENT_SECRET=abc123def456ghi789jkl012mno345pqr678stu901

Common issues

OAuth callback URLs must match exactly. The protocol (http vs https), port number, and trailing slash all matter. A mismatch causes a redirect_uri_mismatch error from the OAuth provider with no useful error message in the browser.If Google OAuth fails with “redirect_uri_mismatch”:
  1. Check the URL your API is receiving in the callback
  2. Log context.Request.Query["redirect_uri"] temporarily
  3. Add that exact URL to the allowed list in Google Cloud Console
Separate OAuth apps for local and production — you cannot use the same redirect URI for both localhost and a production domain. Create separate credentials for each environment, or add both redirect URIs to the same Google project. GitHub allows multiple redirect URIs per app; Google does too. Scope: AspFox requests only email and profile scopes from Google, and user:email from GitHub. No additional scopes are needed.