GudCalGudCal
Docs
Authentication

Authentication

Configure authentication providers for GudCal.

GudCal supports three authentication methods out of the box: Google OAuth, email/password, and passwordless magic links.

Environment Variables

Add these to your .env.local file:

# Required — session encryption key
AUTH_SECRET="your-random-secret-here"
 
# Google OAuth (optional but recommended)
GOOGLE_CLIENT_ID="your-client-id.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET="your-client-secret"

Generate AUTH_SECRET with:

npx auth secret
# or
openssl rand -base64 33

Google OAuth Setup

Create a Google Cloud project

Go to the Google Cloud Console and create a new project (or select an existing one).

Configure the OAuth consent screen

  1. Navigate to APIs & Services → OAuth consent screen
  2. Choose External user type
  3. Fill in the app name, support email, and developer contact
  4. Add the scopes: email, profile, openid

Create OAuth credentials

  1. Go to APIs & Services → Credentials
  2. Click Create Credentials → OAuth client ID
  3. Application type: Web application
  4. Add authorized redirect URIs:
    • Local: http://localhost:3000/api/auth/callback/google
    • Production: https://yourdomain.com/api/auth/callback/google
  5. Copy the Client ID and Client Secret to your .env.local

Email/Password

Email and password authentication works out of the box with no additional configuration. Passwords are hashed with bcryptjs (12 rounds).

Magic Links

Magic link (passwordless) login requires a configured email provider. See the Email setup guide to configure Resend.

Users who sign up via Google OAuth cannot use password login unless they set a password through the forgot-password flow.

Environment VariablesDatabase