Intro
Use Whop OAuth to authenticate users in your web or iOS app.This guide only covers the basic steps to implement Whop OAuth and does not cover best practices regarding the OAuth2 protocol. It is recommended to use a library to handle the OAuth2 flow.We are going to release a guide on how to implement Whop OAuth with auth.js soon.
Step 1: Create a Whop App and obtain secrets
- Go to the Whop Dashboard and create a new app or select an existing one.
-
Add a redirect uri in your apps OAuth settings
To test your app locally you can add a redirect uri on
http://localhost:{PORT}
but it is recommended to use https for production. -
Copy the app id and api key and set them in your environment variables.
Keep in mind that the api key is a secret and should not be shared with anyone. The app id is public and can be shared with anyone.
Step 2: Initiate the OAuth flow
Setup the OAuth flow
To follow this guide you will need to install the@whop/api
package from npm:
Login with Whop
button:
/api/oauth/init/route.ts
Read more about available scopes here.
Adding the Login with Whop
button
Now continue by adding a link to your app that will initiate the Login with Whop
flow:
Step 3: Exchange the code for a token
Upon successful authorization the user will be redirected to the redirect uri you specified in the query parameters withcode
and state
query parameters:
/api/oauth/callback/route.ts
Implementing with authentication frameworks
Auth.js
To implement Whop OAuth with auth.js you can use theauthJsProvider
method on the WhopOAuth
class.
Get started by setting up the relevant auth.js distribution:
- Next.js (Installation Guide) (Example) via
next-auth@beta
- SvelteKit (Installation Guide) via
@auth/sveltekit
- Qwik (Installation Guide) via
@auth/qwik
- Express (Installation Guide) via
@auth/express