OAuth Authentication

Featul supports OAuth authentication with Google and GitHub, allowing you to sign in using your existing accounts. OAuth provides a secure and convenient way to access Featul without creating a separate password.

​

Supported OAuth Providers

Featul currently supports two OAuth providers:

• Google - Sign in with your Google account
• GitHub - Sign in with your GitHub account

​

Benefits of OAuth

​

Enhanced Security

• No need to create and remember another password
• Leverages the security features of trusted providers
• Automatic account linking prevents duplicate accounts
• Reduces password reuse vulnerabilities

​

Faster Sign-In

• One-click authentication
• No need to enter email and password
• Automatic sign-in if already logged into provider
• Skip email verification (verified by provider)

​

Account Management

• Manage access through your OAuth provider
• Revoke access from provider settings if needed
• Use your provider’s security features (2FA, security keys)

​

Signing In with Google

To sign in with your Google account:

1. Click “Sign in with Google” on the sign-in page
2. Select your Google account
3. Review and approve the permissions requested
4. You’ll be redirected back to Featul and signed in

​

Permissions Requested

Featul requests only the minimum permissions needed:

• Basic profile information (name, email)
• Email address for account identification

Featul does not request access to your emails, files, or other Google services.

​

Signing In with GitHub

To sign in with your GitHub account:

1. Click “Sign in with GitHub” on the sign-in page
2. Select your GitHub account
3. Review and approve the permissions requested
4. You’ll be redirected back to Featul and signed in

​

Permissions Requested

Featul requests only the minimum permissions needed:

• Read access to your email address
• Read access to your profile information

Featul does not request access to your repositories, organizations, or other GitHub resources.

​

First-Time Sign-In

When you sign in with OAuth for the first time:

1. Featul creates a new account using your OAuth provider information
2. Your name and email are automatically populated
3. You receive a welcome email
4. You’re immediately signed in and can start using Featul

​

Linking OAuth Accounts

You can link multiple OAuth providers to the same Featul account:

1. Sign in to your Featul account
2. Go to your account settings
3. Navigate to the “Connected Accounts” section
4. Click “Connect” next to the provider you want to link
5. Authorize the connection

​

Benefits of Linking Multiple Providers

• Sign in with either Google or GitHub
• Account recovery if you lose access to one provider
• Flexibility to use your preferred provider

​

Account Linking Behavior

Featul automatically links accounts when:

• You sign in with OAuth using an email already registered
• The email address matches an existing Featul account
• The email is verified by the OAuth provider

​

Managing OAuth Connections

To manage your connected OAuth accounts:

1. Sign in to Featul
2. Go to account settings
3. Navigate to “Connected Accounts”
4. View all connected providers
5. Disconnect providers you no longer want to use

​

Security Considerations

​

OAuth Provider Security

Your OAuth provider’s security directly affects your Featul account:

• Enable 2FA on your Google or GitHub account
• Use strong passwords for your OAuth providers
• Monitor authorized applications regularly
• Revoke access for unfamiliar applications

​

Revoking Access

You can revoke Featul’s access from your OAuth provider: Google:

1. Go to your Google Account settings
2. Navigate to “Security” > “Third-party apps with account access”
3. Find Featul and click “Remove Access”

GitHub:

1. Go to GitHub Settings
2. Navigate to “Applications” > “Authorized OAuth Apps”
3. Find Featul and click “Revoke”

​

Combining OAuth with Other Security Features

​

Two-Factor Authentication

Even when using OAuth, you can enable 2FA on your Featul account:

1. Sign in with OAuth
2. Go to security settings
3. Enable two-factor authentication
4. Follow the setup process

This adds an extra layer of security specific to Featul, independent of your OAuth provider’s 2FA.

​

Passkeys

You can add passkeys to your OAuth-authenticated account:

1. Sign in with OAuth
2. Go to security settings
3. Add a passkey
4. Use passkeys for faster future sign-ins

See the Passkeys guide for more information.

​

Troubleshooting

​

OAuth Sign-In Failed

1. Ensure you’re using a verified email with your OAuth provider
2. Check that you approved all requested permissions
3. Try signing in again
4. Clear your browser cache and cookies

​

Email Already in Use

If you see “Email already in use”:

1. You already have a Featul account with that email
2. Sign in using your existing method (email/password)
3. Link the OAuth provider from account settings

​

Cannot Disconnect OAuth

You cannot disconnect an OAuth provider if:

1. It’s your only authentication method
2. Set up email/password or add a passkey first
3. Then you can safely disconnect OAuth

​

Rate Limits

OAuth sign-in is subject to the same rate limits as other authentication methods:

• General authentication: 100 requests per minute
• Individual OAuth callbacks are not separately rate-limited

​

Next Steps