Setting Up Social Authentication
What is social authentication?
Social authentication (OAuth authentication) allows users to log into your site using their existing accounts on popular services — Discord, Google, GitHub, and others. Instead of creating a new password, the user simply clicks “Sign in with…” and confirms their login through a service they already use.
Why is it needed?
- Convenience for users — no need to remember yet another password.
- Quick registration — sign in with a couple of clicks instead of filling out a form.
- Security — user passwords are not stored on your site, and authentication goes through the secure servers of major companies.
How does it work? (in simple terms)
When a user clicks “Sign in with Discord” (or another service), the following happens:
- The user is redirected to the service’s website (e.g., Discord).
- The service asks: “Do you allow site X to access your email and name?”
- The user clicks “Allow.”
- The service redirects the user back to your site and passes a special code.
- Your site (Flute CMS) uses this code to retrieve the user’s data.
To make this process work, you need to register your application with each service and obtain two keys:
- Client ID (application identifier) — a public key that tells the service: “This is site X.”
- Client Secret (secret key) — a private key that confirms you are the actual owner of this application. Never share it with anyone!
To configure social authentication, you need admin.social or admin.boss permissions in Flute CMS.
Supported Services
Flute CMS supports authentication through the following services:
- Discord — popular among gamers, ideal for gaming communities
- Steam — for gaming communities (works differently, via OpenID)
- Google — a universal option, most users have one
- GitHub — for developer communities
- VKontakte — popular in Russia and CIS countries
- Yandex — popular in Russia and CIS countries
If the service you need is not on the list, you can suggest adding it in our Discord community .
General Requirements
Before you begin the setup, make sure that:
- HTTPS is configured — the vast majority of services require your site to use the secure HTTPS protocol. Without an SSL certificate, authentication will not work (exception — localhost for testing with some services).
- You have a real domain — most services do not accept IP addresses or localhost as a site address.
- The domain is consistent everywhere — use the same domain variant (with
wwwor without) both in the service settings and in Flute CMS.
Where to Find the Settings in Flute CMS
The social networks management page is located in the admin panel: in the sidebar menu, find the “Integrations” section and select “Social Networks”.
Path: Admin Panel → Social Networks (in the “Integrations” section of the sidebar menu)
On this page, you will see a table with all available services. Each service has:
- Social network — service name
- Timeout — connection timeout
- Registration — whether registration through this service is allowed
- Status — whether the service is enabled or disabled
- Actions — buttons for configuration and management
To add a new service, click the ”+ Add” button in the top-right corner of the page.
To configure an already added service, click the action button (gear or settings icon) next to the desired service.
Redirect URI (redirect addresses)
When registering an application with each service, you will need to specify a Redirect URI — addresses to which the service will redirect the user after authentication. Flute CMS uses two addresses for each service:
https://example.com/social/{Name}— for signing in to the sitehttps://example.com/profile/social/bind/{Name}— for linking a social network to an existing account
Where {Name} is the service name with a capital letter: Discord, Google, GitHub, Vkontakte, Yandex.
Redirect URIs must exactly match what you specified in the service settings — down to the character. A difference in even one character (e.g., an extra / at the end) will cause an error.
Setting Up Each Service
Discord
Setting Up Discord
Discord is one of the most popular services for authentication in gaming communities.
Create an application on Discord
- Open the Discord Developer Portal and log into your Discord account.
- Click the “New Application” button in the top-right corner.
- Enter the application name (e.g., your site name) and click “Create”.
Get the Client ID and Client Secret
- In the left menu of the application, go to the “OAuth2” section.
- Copy the Client ID — it is displayed on the page right away.
- Click “Reset Secret” to generate a Client Secret, and copy it.
The Client Secret is shown only once! Copy and save it immediately. If you lose it, you will need to generate a new one via “Reset Secret”.
Add Redirect URIs
- On the same “OAuth2” page, find the “Redirects” block.
- Click “Add Redirect” and add two addresses:
https://example.com/social/Discordhttps://example.com/profile/social/bind/Discord
- Click “Save Changes” at the bottom of the page.
If your site is accessible via both example.com and www.example.com, add Redirect URIs for both variants to avoid a redirect_uri_mismatch error.
Enter the data in Flute CMS
- Open
Admin Panel→Social Networks(in the “Integrations” section of the sidebar menu). - Find Discord in the list (or click ”+ Add” if it is not there).
- Enter the copied Client ID and Client Secret.
- Click “Save”.
Troubleshooting Common Issues
Error “redirect_uri_mismatch”
Cause: The Redirect URI specified in the service settings (Discord, Google, etc.) does not match what Flute CMS sends.
How to fix:
- Verify that the URIs match character by character — including the protocol (
https://), the presence or absence ofwww, and no trailing/. - If your site is accessible at multiple addresses (with and without
www), add Redirect URIs for each variant. - Make sure the same domain is specified in both Flute CMS and the service settings.
Error “invalid_client”
Cause: Incorrect Client ID or Client Secret.
How to fix:
- Go back to the service’s developer panel and re-copy the keys.
- Make sure you did not accidentally copy extra spaces.
- If the Client Secret was reset, the old one stops working — use the new one.
Authentication doesn’t work, the page just reloads
Cause: Most likely an issue with HTTPS or incorrect redirect URIs.
How to fix:
- Make sure your site is running on HTTPS with a valid SSL certificate.
- Verify that the redirect URIs in the service are specified with
https://, nothttp://.
Steam authentication doesn’t work
Cause: The Steam API Key is missing or incorrectly entered.
How to fix:
- Open
Admin Panel→General Settingsand check the “STEAM API Key” field. - Make sure the API key is valid on the Steam Web API Key page.
Authentication doesn’t work on localhost
Cause: Most services do not accept localhost as an address for OAuth.
How to fix:
- Use a real domain for testing.
- As a temporary solution, set up a local domain through the
hostsfile on your computer. - Google allows using
localhostfor testing — this is an exception.
If authentication still doesn’t work after completing all the steps, reach out for help in our Discord community . Attach screenshots of the settings and a description of the error — you will definitely get help.