Skip to main content

Overview

Custom Social Login allows you to use your own OAuth applications for Google, Apple, and X (Twitter) authentication instead of CDP’s default OAuth providers. This gives you complete control over the OAuth experience, including branding, rate limits, and compliance requirements. By default, Embedded Wallets uses CDP-managed OAuth applications for social login, allowing users to recognize and trust Coinbase’s brand during authentication. Custom Social Login enables you to replace these defaults with your own OAuth applications while maintaining the same seamless authentication experience.
Already using CDP’s default social login? You can switch to custom OAuth applications without disrupting existing users - they’ll retain access to their wallets and identities.

Why use custom OAuth?

When users authenticate, they’ll see your application name and branding in the OAuth consent screen instead of Coinbase’s. This creates a more cohesive experience for users who identify your application as the primary service they’re using.
Manage your own OAuth applications and configurations, including:
  • Consent screen branding and messaging
  • OAuth scopes and permissions
  • Application review and approval timelines
  • Access to provider-specific features and settings
Some organizations require:
  • Full ownership of authentication infrastructure
  • Direct relationships with OAuth providers
  • Detailed audit logs from OAuth providers
  • Compliance with specific regulatory frameworks
OAuth providers apply rate limits per application. Using your own OAuth applications allows you to:
  • Scale authentication to your specific needs
  • Request rate limit increases directly from providers
  • Avoid shared rate limits with other CDP users
  • Monitor and optimize usage patterns

How it works

By default, when users authenticate with social login:
  1. Users click “Sign in with Google” (or Apple/X)
  2. They’re redirected to the provider’s OAuth flow
  3. The OAuth consent screen shows “Coinbase” or “CDP” as the requesting application
  4. Upon approval, users are authenticated and their wallet is accessed
  5. All rate limits and quotas are managed by CDP
When you configure custom OAuth applications:
  1. Users click “Sign in with Google” (or Apple/X)
  2. They’re redirected to the provider’s OAuth flow
  3. The OAuth consent screen shows your application name as the requesting application
  4. Upon approval, users are authenticated using your OAuth credentials
  5. Rate limits and quotas are based on your OAuth application configuration
If your users are already authenticated with CDP’s default social login and you enable custom OAuth:
  • Existing users retain full access to their wallets and identities
  • No wallet re-creation or migration required
  • User identities remain consistent across the transition
  • Authentication simply switches from CDP’s OAuth app to yours
  • All wallet addresses, assets, and transaction history are preserved
This seamless migration means you can adopt custom OAuth at any time without disrupting your user base.

Critical disclaimers

Responsibility for OAuth configuration:When you configure custom OAuth applications, you are responsible for proper setup and maintenance. CDP is not responsible for issues stemming from:
  • Misconfigured OAuth redirect URLs
  • Invalid or expired OAuth credentials
  • OAuth applications that haven’t been approved by the provider
  • Rate limits or quotas imposed by OAuth providers
  • Changes to your OAuth application settings
Ensure you follow the setup guides carefully and test thoroughly before deploying to production.
Redirect URL requirements:Each provider requires an exact redirect URL to be configured in your OAuth application. These URLs are non-negotiable and must match exactly:
  • Google: https://api.cdp.coinbase.com/platform/v2/end-users/auth/oauth/google/callback
  • Apple: https://api.cdp.coinbase.com/platform/v2/end-users/auth/oauth/apple/callback
  • X: https://api.cdp.coinbase.com/platform/v2/end-users/auth/oauth/x/callback
Even minor differences (http vs https, trailing slashes, typos) will cause authentication to fail.
Identity continuity guarantee:Switching from CDP’s default social login to custom OAuth preserves user identities. Users who authenticated with CDP’s Google OAuth application will seamlessly continue to access the same wallet when you configure your custom Google OAuth application.The same applies for Apple and X - user wallets are linked to their social identity (email, user ID), not to the specific OAuth application used for authentication.

Provider comparison

ProviderSetup ComplexityVerification TimeRedirect URLSpecial Requirements
GoogleModerateInstant (may require app verification for production)https://api.cdp.coinbase.com/platform/v2/end-users/auth/oauth/google/callbackOAuth consent screen configuration
AppleHighInstanthttps://api.cdp.coinbase.com/platform/v2/end-users/auth/oauth/apple/callbackApple Developer account ($99/year), Private key (.p8 file)
XModerateInstant (may require approval for additional permissions)https://api.cdp.coinbase.com/platform/v2/end-users/auth/oauth/x/callbackRate limits apply even on free tier

Prerequisites

Before configuring custom OAuth, ensure you have:
  • CDP Project ID: Available in the CDP Portal
  • Access to CDP Portal: Permission to configure Embedded Wallets settings
  • Developer accounts: Accounts with each OAuth provider you plan to use:
  • OAuth 2.0 understanding: Basic familiarity with OAuth flows and terminology

Quick start

Choose a provider to get started with custom OAuth configuration:

Google

Set up Google OAuth with Client ID and Client Secret

Apple

Configure Apple Sign In with Services ID and private key

X

Enable X OAuth for Twitter/X authentication

Authentication Methods

Learn about all available authentication options

Implementation Guide

Integrate Embedded Wallets in your application

Security & Export

Understand security considerations

Session Management

Manage user authentication sessions