HandyCafe Docs
owner it-admin

OAuth Settings

The OAuth Settings category configures device-flow authentication, allowing members to log in to client PCs using their existing social accounts. This implements the Device Authorization Grant (RFC 8628), which is designed for kiosk and public environment scenarios where users authenticate on a separate device (their phone) rather than typing credentials on a shared PC.

Master Toggle

The Enable OAuth Login toggle controls the entire OAuth system. When disabled, no OAuth login option appears on client lock screens. When enabled, the configured providers are available for member login.

Cafe Name

A display name for your cafe, shown to members during OAuth authentication. This helps members confirm they are logging in to the correct establishment when they see the authorization prompt on their phone.

Allow Login Without Credit

When enabled, members are permitted to log in via OAuth even if their wallet balance is zero. This is useful for cafes that want to allow free browsing or where members pay at the counter rather than through prepaid credit.

When disabled, members must have a positive wallet balance to complete an OAuth login.

Provider Configuration

HandyCafe supports five OAuth providers. Each provider is configured independently:

Google

| Field | Description |
|---|---|
| Enable toggle | Turn Google login on or off |
| Client ID | The OAuth 2.0 Client ID from your Google Cloud Console project |
| Client Secret | The corresponding client secret |
| JSON import | Upload a Google-format credentials JSON file to auto-populate the Client ID and Client Secret fields |

Facebook

| Field | Description |
|---|---|
| Enable toggle | Turn Facebook login on or off |
| Client ID | The App ID from your Facebook Developer application |
| Client Secret | The App Secret from your Facebook Developer application |

Apple

| Field | Description |
|---|---|
| Enable toggle | Turn Apple login on or off |
| Client ID | The Services ID from your Apple Developer account |
| Client Secret | The generated client secret (JWT-based) |

X (Twitter)

| Field | Description |
|---|---|
| Enable toggle | Turn X login on or off |
| Client ID | The OAuth 2.0 Client ID from the X Developer Portal |
| Client Secret | The corresponding client secret |

Discord

| Field | Description |
|---|---|
| Enable toggle | Turn Discord login on or off |
| Client ID | The Application ID from the Discord Developer Portal |
| Client Secret | The corresponding client secret |

Setting Up a Provider

  1. Create a developer application on the provider's platform (links to each provider's developer console are available next to the configuration fields).
  2. Configure the application for the Device Authorization Grant flow where applicable.
  3. Copy the Client ID and Client Secret into the corresponding fields in HandyCafe.
  4. Enable the provider toggle.
  5. Save the settings.

For Google specifically, you can export the credentials JSON from the Google Cloud Console and use the JSON import button to populate both fields automatically.

Testing the Configuration

After saving your OAuth settings:

  1. Go to a client PC that is connected to the server.
  2. On the client lock screen, look for the OAuth login option.
  3. Select a configured provider and initiate the login.
  4. A device code and QR code will appear on the client screen.
  5. Scan the QR code with your phone or visit the displayed URL and enter the code.
  6. Complete the authentication on your phone.
  7. The server polls for the token and, depending on your configuration, either auto-approves the login or sends a request to the admin for approval.
  8. Once approved, the member account is created or linked and the client session starts.
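The polling in step 7 follows the token-request rules of RFC 8628 section 3.5. The sketch below is an added illustration, not HandyCafe's code: it shows how a poller should treat `authorization_pending`, `slow_down`, `access_denied` and `expired_token`. The names `poll_for_token`, `replay` and `DeviceFlowError` are hypothetical, and the provider's token endpoint is replaced by constructed responses so the block runs offline.

```python
class DeviceFlowError(Exception):
    """Terminal failure: denied, expired, or an unexpected error."""


def poll_for_token(fetch, interval=5, expires_in=600, sleep=lambda s: None):
    """Poll per RFC 8628 section 3.5 until approval or a terminal error.

    fetch      -- hypothetical callable returning one token-endpoint response
    interval   -- seconds between polls, from the device authorization response
    expires_in -- lifetime of the device code in seconds
    Returns (token_response, waits), where waits lists each delay used.
    """
    waited, waits = 0, []
    while waited < expires_in:
        sleep(interval)
        waited += interval
        waits.append(interval)
        resp = fetch()
        if "access_token" in resp:
            return resp, waits
        err = resp.get("error")
        if err == "authorization_pending":
            continue          # member has not finished on their phone yet
        if err == "slow_down":
            interval += 5     # back off by 5 s for all subsequent polls
            continue
        # access_denied, expired_token or anything unknown: stop polling
        raise DeviceFlowError(err or "malformed_response")
    raise DeviceFlowError("expired_token")  # local deadline reached first


def replay(responses):
    """Serve constructed responses in order, standing in for the provider."""
    it = iter(responses)
    return lambda: next(it)


# Constructed sample exchanges (not captured from any provider).
SAMPLE_APPROVED = [
    {"error": "authorization_pending"},
    {"error": "slow_down"},
    {"error": "authorization_pending"},
    {"access_token": "constructed-token", "token_type": "Bearer"},
]
SAMPLE_DENIED = [{"error": "authorization_pending"}, {"error": "access_denied"}]

if __name__ == "__main__":
    token, waits = poll_for_token(replay(SAMPLE_APPROVED))
    print(token["token_type"], waits)
```

A poller that ignores `slow_down` or keeps retrying after `access_denied` is the usual cause of provider-side rate limiting during testing.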

For the complete device-flow login process, see the OAuth Login documentation.